[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SAGE] Re: Are cheap SSL certificates legitimate?

To: philiph@pobox.com
Subject: [SAGE] Re: Are cheap SSL certificates legitimate?
From: seph <seph@directionless.org>
Date: Mon, 22 Jan 2007 14:03:57 -0500
Cc: Jonathan Billings <billings@negate.org>, sage-members@sage.org
In-Reply-To: <20070120001725.GQ20885@hollenback.net> (Philip J. Hollenback'smessage of "Fri, 19 Jan 2007 19:17:25 -0500")
References: <9516.1169229868@mental.com><20070119135352.E38307@aphrodite.acf.aquezada.com><D0AA9836-467D-4F89-8767-C8620F28B41B@stanford.edu><45B125F8.8050307@negate.org><55E31D63-F9CA-47B9-B503-3072C11D2F0A@stanford.edu><45B12BAE.3070007@negate.org> <20070120001725.GQ20885@hollenback.net>
Sender: owner-sage-members@usenix.org
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux)

"Philip J. Hollenback" <philiph@pobox.com> writes:

> But in this case I think I have to pay for something.  Otherwise I
> will have to spend a large amount of time configuring all the
> different clients and operating systems.

This is easier than you make it sound. But I haven't bothered setting
up an office CA, so I'm not really one to talk.

> Thus I really want to know if these 'cheap' certificates are
> sufficient and I'm not somehow opening myself up to some sort of
> security problem later on.

It's PKI. If your clients already trust that CA, then you're already
vulnerable to errors from them.

Chained certs shouldn't be visible to the clients, they're just a bit
harder to install and deal with on the server side.

FTR I use rapidssl because they're the cheapest thing I'd found whose
CA is trusted by everything I need. I haven't had any problems.

seph

References:
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: Alexander Lobodzinski <lobo@mental.com>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: "Julian C. Dunn" <jdunn@aquezada.com>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: "Sandor W. Sklar" <ssklar@stanford.edu>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: Jonathan Billings <billings@negate.org>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: "Sandor W. Sklar" <ssklar@stanford.edu>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: Jonathan Billings <billings@negate.org>
- Re: [SAGE] Are cheap SSL certificates legitimate?
  - From: "Philip J. Hollenback" <philiph@pobox.com>

Prev by Date: Re[2]: [SAGE] The danger of SSH keys..
Next by Date: Re[2]: [SAGE] The danger of SSH keys..
Prev by thread: Re: [SAGE] Are cheap SSL certificates legitimate?
Next by thread: Re: [SAGE] Are cheap SSL certificates legitimate?
Index(es):
- Date
- Thread