change cyrus-imapd ssl certificate FC3

Aleksandar Milivojevic amilivojevic at pbl.ca
Thu Dec 2 15:05:08 UTC 2004


Frank Pineau wrote:
> Sorry if that sounds like a commercial, it's just that I finally found someplace
> that's cheaper than a couple of hundred bucks.

There are several places that are cheaper than a "couple of hundred
bucks".  Verisign has not been the only one selling certificates for a
long time.  Some of those places will sell you wildcard certificates,
and some will sell you certificates in bulks of 5 or 10 dirt cheap.

Anyhow, if you are a home user, you should ask yourself whether you
really need a certificate signed by a CA whose root certificate is
shipped with browsers.  For most home users, a self-signed certificate
(or generating your own root certificate and signing with it) will work
quite well.

"Official" root CA signed certificates, the way they are currently being
issued, the way the identity of the buyer is checked, and the way they
are currently being used, are useful only for not annoying users with
pop-up warning windows.  It is not that complicated to buy a forged
certificate (ask Verisign and Microsoft, they still haven't figured out
who was the guy Verisign sold a certificate in MS's name some time ago).
If that can happen to a big name such as Microsoft, somebody buying a
certificate in some home user's name would probably go quite unnoticed.
This is nothing surprising.  CAs are commercial entities, so they are
after generating large volumes of profit.  Strict identity checking
would severely slow down the process, customers would go to somebody
else who is "faster" (because that somebody has more loose identity
checks), so everybody is gradually lowering the bar (and no, a credit
card is not a sufficient identity check -- it only links a couple of
numbers that are printed on the card to the person who will be charged
by the bank, it doesn't say a thing about the identity of the person who
typed those numbers into some kind of web form, or about the authority
of that person to use the card).

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



