08:02 pinchartl: Moinmoin has the "validated xhtml" logo on the bottom of their pages, but if you actually run it through the validation, it fails. :P
08:02 pinchartl: they *overly* imply that the site the user is connecting to is dangerous/fraudulent.
08:02 ecrist: I think I agree with you for the most part
08:03 I just get constantly nagged by the "trust" aspect of SSL
08:03 But it costs so much to be trusted
08:03 And anyone with money seems trustworthy.
08:03 I think, if they gave you a yellow bar, similar to the one they have for "do you want me to remember this password" indicating that, "while the connection was encrypted, the site's identity cannot be verified" would be sufficient.
08:04 ecrist: the risk may be overstated by Firefox, but that's better than understating it :-)
08:04 pinchartl: that doesn't make it less wrong, on the part of mozilla.
08:04 Safari does it nicely, without a lot of doom and gloom.
08:04 yeah, that's pretty funny. I'd *love* to see an analysis of ssl certificate fraud. Where 'untrusted' certificates actually caused loss, relative to 'trusted' certificates that were acquired via fraudulent means.
08:05 There are cases where folks paid good money to acquire certificates in another company's name. using faked letter head kinda stuff.
08:05 I have IT people here, who, when they started using Firefox 3, thought we were having internal website problems because the ssl error wasn't friendly, at all. It's similar to a connection failed, 404, etc.
08:05 cpm: Lol, letter-head verification cracks me up
08:06 that I'll bet lead to losses greater than whatever losses were had by 'untrusted' certificates.
08:06 ecrist: that's right. we've been bitten by that too
08:06 rmull, goes to show that the only thing 'trusted' CAs care about is the money.
08:07 For my personal stuff I've been using
08:07 I'm a proponent of self-signed certificates. In the case of my networks, I control, 100%, the certificate chain. All I've got to do is make sure the root CA certificate is installed on the client machines, and there are no problems.
08:07 ecrist, I'm not so keen on self signed, esp since there are alternatives.
08:08 lol, uses an invalid certificate, according to ff3.
08:08 no different than my self-signed ones.
08:09 ecrist: You don't have the root cert installed in your browser
08:09 ecrist, that's right. FF (moz in general) will not accept it, by default (you can install the root ca) because they claim the model isn't trusted.
08:09 Because it's a chain of trust, rather than a chain of cash.
08:09 It's installed by default in a couple of more obscure browsers, but not yet in FF.
08:09 right, so using is no different than signing my certificates myself.
08:10 certificates have to be signed by verified 'Persons', rather than faceless corporate entities.
08:10 I have no earthly idea who you are. In fact, I have no idea that you actually exist.
08:11 no one has verified that you exist.
08:11 in order to get a certificate, you have to submit a csr, as a verified person, known.
08:12 it's a matter of who you trust to do the initial, root, verification.
08:12 the certificate granted is on a sliding scale of trust, depending on how many signatories have signed your signing key.
08:13 I use them because it's more likely that people will have that cert installed. Because many people use CACert, many people may have already installed the root cert. If they haven't, I would like them to so that CACert gets more publicity.
08:13 in our organization, I'm the network administrator. I'm trusted, exclusively, for all network decisions, including who/what gets on the network. As such, I've created our organizational root certificate.
08:13 VPN certs, etc, all pass through my hands.
08:13 in order to get a cacert certificate.