On Oct 26, 2012, at 2:49 AM, Chris Palmer wrote: > On Thu, Oct 25, 2012 at 4:58 PM, Rick Andrews <[email protected]> > wrote: > >> Further, no one has yet brought up the privacy issue. CAs sell a lot of >> certificates to companies for their internal use. Some of them may object to >> publishing all their internal domain names. > > I'm still fuzzy on why people can't use private issuers for private > domains. Seems not only obvious, but preferable for everyone.
It avoids the hassle of adding the private issuer to the browser of every single device that uses the web. It's fairly easy to do so for all the Windows machines connected to a Windows domain. But then you get a lot of helpdesk tickets for the people with Macs, the people who use Firefox on any platform, the people with iPhones, Android phones, Linux desktops, a Chromebook and something called a Wetab. It's worth the little extra expense of getting a certificate from a known issuer to avoid getting warning screens on all other devices. Yoav _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
