Sorry this is a bit late.... Check out the convergence.io project. Covers all the bases you mentioned.
On Mon, Nov 25, 2013 at 11:15 AM, Gary A. Mort <garyam...@gmail.com> wrote:
> Warning, this is a lengthy rant/vent on the state of SSL certificates as
> used on websites today.
>
> https://plus.google.com/117506461184749864074/posts/PqHMSjsY5hp
>
> The summary is:
> I don't feel that purchasing SSL Certificates from "Trusted Third Parties"
> as defined by Google, Microsoft, and Mozilla is currently worthwhile. If
> you're using them for security, set up your own internal CA with a couple of
> roots and issue certs for your own usage. It's more secure because then
> YOU are the one who decided to trust the CA. Moreover, it is more secure
> because YOU can set much shorter expiration [why wait a whole year? Expire
> it in a month and generate a new one!] so if a cert is stolen it will
> expire soon - and YOU can revoke certificates that are being used
> fraudulently.
>
> The only benefit to purchasing an SSL Certificate is marketing. There are
> a few people who will choose not to purchase a product if the SSL
> Certificate doesn't "look right". However, considering the large number of
> active e-commerce websites taking orders today using expired certificates -
> I think the number of sales lost is minimal.
>
> I do see a purpose to trusted third parties - it is just the current
> system which is flawed.
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation