delegating SSL certificates
John Levine
johnl at iecc.com
Sun Mar 16 11:50:33 EDT 2008
>> So at the company I work for, most of the internal systems have
>> expired SSL certs, or self-signed certs. Obviously this is bad.
>
>You only think this is bad because you believe CAs add some value.
Presumably the value they add is that they keep browsers from popping
up scary warning messages. There are all sorts of reasonable
arguments to be made that the browsers are doing the wrong thing (and
the way that Microsoft prevents you from ever deleting any of their
preinstalled CA certs is among the wrongest.)
Nonetheless, unless we can persuade all the users in question to
adjust their browsers, which is always a losing battle, it's easier
just to pay the $15 protection money and get a CA signature.
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list