[linux-elitists] SSL security certificates

Modus Operandi modus@as220.org
Thu Apr 10 16:33:26 PDT 2003


Hey 31337ists,

    I can't recall whether I already posted on this topic, but if 
    so, here I go again:

    What are the pros and cons of self-signing security certificates?
    
    As far as I can tell, the only problem with self-signed certs is
    that the first time a browser encounters one, the user is warned
    that the cert cannot be verified to be trustworthy. Once the user
    decides they trust the cert, the message goes away and the SSL
    does its magic. I've seen this behavior when using squirrelmail to
    check my mail at woozle.org -- it doesn't bother me because I trust
    WoozleWorks, but if I were setting up a site to do business with the
    public, I might be more concerned about violating the web of trust.
    
    On the other hand, self-signed certs are free, while VeriSign 
    charges an arm and a leg ($500 - $1,000) annually. There are plenty
    of other cert authorities out there -- Thawte, Entrust, Comodo and
    dozens of others -- but what makes one more "trustworthy" than
    another? Where can I find a good, secure cert that will be accepted
    by browsers without complaints?

    And if I decide to go the self-signed route, what's a good resource
    to show me the quick and dirty way of rolling my own 128-bit cert?

-- 
+-----------------+-----------------------------------------------+
| Random  Oedipus | "No one can do to the Disney Corporation what |
| RI Pseudo Nomad |     Walt Disney did to the Brothers Grimm."   |
| Modus  Operandi |                     -- Lawrence Lessig        |
| modus@as220.org |      http://www.eff.org/IP/freeculture/       |
+-----------------+-----------------------------------------------+
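
An added example, not part of the original post: this shell sketch uses the openssl command line to generate a self-signed certificate and reproduce the behaviour described above, where verification fails until the certificate itself is explicitly trusted. The host name mail.example.test, the file names and the RSA 2048-bit key size are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: what "self-signed" means to a verifier.
# Host name, file names and key size are constructed for illustration.

make_self_signed() {
    # $1 = output directory, $2 = common name (host name)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

is_self_issued() {
    # True when subject and issuer names hash to the same value.
    # The signature itself is checked by verifies() below.
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$s" = "$i" ]
}

verifies() {
    # $1 = certificate to check
    # $2 = optional PEM file of explicitly trusted certificates
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        # System trust store only: this is the position a browser
        # is in on the first visit.
        openssl verify "$1" >/dev/null 2>&1
    fi
}

fingerprint() {
    # SHA-256 fingerprint of the certificate.
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" mail.example.test || return 1
    is_self_issued "$dir/cert.pem" && echo "subject == issuer"
    verifies "$dir/cert.pem" || echo "rejected: no trust anchor"
    verifies "$dir/cert.pem" "$dir/cert.pem" && echo "accepted once trusted"
    fingerprint "$dir/cert.pem"
    rm -rf "$dir"
}
demo
```

The fingerprint printed at the end is the value to compare out of band before accepting the first-visit warning.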