Re: Gmail and SSL

2012-12-30 Thread Keith Medcalf
Your assertion that using bought certificates provides any security benefit whatsoever assumes facts not in evidence. Given recent failures in this space I would posit that the requirement to use certificates purchased from entities under the thumb of government control, clearly motivated only

Re: Gmail and SSL

2012-12-30 Thread Christopher Morrow
On Sun, Dec 30, 2012 at 3:30 PM, Keith Medcalf kmedc...@dessus.com wrote: Your assertion that using bought certificates provides any security benefit whatsoever assumes facts not in evidence. Given recent failures in this space I would posit that the requirement to use certificates

Re: Gmail and SSL

2012-12-30 Thread Keith Medcalf
While I will agree that the client being able to validate the certificate directly is the best place to be, I do not see any advantage of requiring purchased certificates over self-signed certificates. IMO it provides no realistic security benefit at all. Then again I don't award points for

Re: Gmail and SSL

2012-12-30 Thread Jimmy Hess
On 12/30/12, Keith Medcalf kmedc...@dessus.com wrote: Your assertion that using bought certificates provides any security benefit whatsoever assumes facts not in evidence. I would say those claiming certificates from a public CA provide no assurance of authentication of server identity greater

Re: Gmail and SSL

2012-12-30 Thread John Levine
I would say those claiming certificates from a public CA provide no assurance of authentication of server identity greater than that of a self-signed one would have the burden of proof to show that it is no less likely for an attempted forger to be able to obtain a false bought certificate from a

Re: Gmail and SSL

2012-12-30 Thread Jimmy Hess
On 12/30/12, John Levine jo...@iecc.com wrote: Do you ever buy SSL certificates? For cheap certificates ($9 Geotrust, $8 Comodo, free Startcom, all accepted by Gmail), the entirety of the identity validation is to send an email message to an address associated with the domain, typically one