Ryan Sears wrote:
> Wait, what? Are they *really* signed by a trusted CA?

Yup.  Startcom was added to the windows root certificate program in
September 2009.  They were already in Firefox and Safari at that time.

It work just fine everywhere, as long as you correctly install the
intermediate certs according to the instructions, much like you need to
do for a godaddy or other cert these days.

http://www.startssl.com/?app=25#31

They allow one alt name of your choosing. Authentication is handled with
client side certs.  They do basic fraud avoidance like flagging people
who ask for, say, usbank.example.com as their alt name(I've tried ;-)

As far as I can tell there is absolutely no upside to paying for some
other Class 1 (domain/email validated) cert over the startcom free cert.
 Of course, if you need a wildcard cert, class 2 cert with business
verification(so your name shows up when smart users hover over the lock
icon), or extended validation cert(so the bar turns green), you still
have to pony up.  Otherwise, class 1 certs are common and trusted on the
Internet.  Most people don't know or care about the differences of the
different classes.

#1 reason to not use SSL is gone. Spread the word. ;-)

> I was going to suggest getting one from GoDaddy 
> (http://www.godaddy.com/Compare/gdcompare_ssl.aspx?isc=sslqgo026e). Hell I'll 
> even pay for it myself, anything I can do to support you guys!
> 
> Maybe we should go with comodo? :-P
> 
> Ryan
> 


-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID CD31CAFB             |



------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to