change cyrus-imapd ssl certificate FC3
Aleksandar Milivojevic
amilivojevic at pbl.ca
Thu Dec 2 15:05:08 UTC 2004
Frank Pineau wrote:
> Sorry if that sounds like a commercial, it's just that I finally found someplace
> that's cheaper than a couple of hundred bucks.
There's several places that are cheaper than "couple of hundred bucks".
Verisign is not the only one selling certificate for a long time.
Some of those places will sell you wildcard certificates, and some will
sell you certificates in bulks of 5 or 10 dirt cheap.
Anyhow, if you are home user, you should ask yourself do you really need
certificate sign by CA whose root certificate is shipped with browsers.
For most home users, self signed certificate (or generating your own
root certificate and signing with it) will work quite well.
"Official" root CA signed certificates, the way they are currently being
issued, the way identity of buyer is checked, and the way they are
currently being used, are usefull only for not annoying users with
pop-up warning windows. It is not that complicated to buy forged
certificate (ask Verisign and Microsoft, they still haven't figured out
who was the guy Verisign sold certificate in MS name some time ago). If
that can happen to big name such as Microsoft, somebody buying
certificate in some home user's name would probably go quite unnoticed.
This is nothing suprising. CAs are commercial entities, so they are
after generating large volumes of profit. Strict identity checking
would severely slow down the process, customers would go to somebody
else who is "faster" (because that somebody has more loose identity
checks), so everybody is gradually lowering the bar (and no, credit card
is not sufficient identity check -- it only links couple of numbers that
are printed on the card to person who will be charged by the bank, it
doesn't say a thing about identity of person who typed those numbers
into some kind of web form, or about authority of that person to use the
card).
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the fedora-list
mailing list