Re: SSL certificates



On Sun, Sep 19, 2004 at 05:44:34PM +0200, Javier Fernández-Sanguino Peña wrote:
> I would not trust a CA that hands out certificates for free, that's 
> pointless and does not give any more security than a self-signed 
> certificate. A thrustworthy CA does all kind of background checks in order 
                 ^^^^^^^^^^^^
> to assure that he's giving a certificate to the correct person/company (not 
> somebody trying to supplant them) and to check that the certificate is being 
> handled correctly so that it is not that easy to be lost.

So very appropriate.

The extant CAs aren't appreciably trustworthy, nor are they
appreciably secure, and users can't tell the difference anyway. This
doesn't matter because nobody attacks anything worthwhile by capturing
traffic. SSL is basically irrelevant on the modern internet [see
crypto-gram, earlier this year].

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
