[plug] Alternatives to Verisign/Thawte

Onno Benschop onno at itmaze.com.au
Thu Sep 18 18:57:55 WST 2003


On Thu, 2003-09-18 at 18:39, Craig Foster wrote:
> plug-admin at plug.linux.org.au wrote:
> > As part of a boycott of Verisign because of aforementioned reasons
> > does anyone have suggestions for a Certificate Authority for SSL web
> > server certificates? We're looking to get a couple. I've got a few
> > other vendor's websites, but was looking for any personal
> > recommendations. 


Uhm, unless I'm totally mistaken, in which case, please correct me here,
you really, really don't need to use a Certificate Authority to get an
SSL server certificate. My understanding is that you can just generate
your own. You must realise that the only reason you're doing anything
with certificates in the first place is to ensure that you're using
secure communications. If the aim is to do that, you only need to prove
to the visitor that you are who you say you are.

For example, if I want my clients to connect to my server to access
their web-site as it's being built and I've created an account for them
and I've found a secure way of getting their credentials to them, all
they need to know is that I am who I said I was.

My understanding is that for a server certificate to be from a CA is
only useful in any way if you're taking money off a client where there
is no prior relationship between you and the client. In effect by using
an external CA, you're basically saying: "This company over here, let's
say Bongo Drums, certifies that I am who I say I am. The Bongo Drums
organisation in turn says to the customer that they have verified that I
am who I say I am."

In effect, if you trust PLUG to authenticate people and you'd like to do
business with people authenticated by PLUG, PLUG could issue SSL server
certificates and you could decide to trust them.

At the end of the day this is to stop me from setting up a website,
calling it I-Build-Machines.com.au and having a big fat logo on the
front, making a relationship between me and a big company. The SSL would
show that the person who promised I was who I said I was, might not have
a good name themselves.

This is why this move by Verisign and thus by association Thawte is such
a blindingly silly move. If I don't trust them, then I won't do business
with those people who do.

Anyway, if I'm wrong, please don't hesitate to thump me. If I'm right,
I'll write up a nice little article and send it to Kimberly (hi!).

Cheers,

Onno Benschop 

Connected via Optus B3 at S15:51'18" - E128:45'05" (Crossing Falls, Kununurra, WA)
-- 
()/)/)()        ..ASCII for Onno.. 
|>>?            ..EBCDIC for Onno.. 
--- -. -. ---   ..Morse for Onno.. 

Proudly supported by Skipper Trucks, Highway1, Concept AV, Sony Central, Dalcon
ITmaze - ABN: 56 178 057 063 - ph: 04 1219 8888 - onno at itmaze dot com dot au
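
The approach described in the message above, as an added example that is not part of the original post: generate a self-signed server certificate with the openssl CLI, pass its SHA-256 fingerprint to the client over the same secure channel used for their credentials, and have the client accept the certificate only when the fingerprint matches. The host name dev.example.test and all function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: self-signed certificate plus out-of-band fingerprint check.
# Host name and function names are constructed; requires the openssl CLI.

# Server side: create a key and a self-signed certificate for host $1 in dir $2.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null || return 1
    chmod 600 "$2/$1.key"   # the private key never leaves the server
}

# Print the SHA-256 fingerprint (AA:BB:...) of the certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Client side: succeed only if certificate $1 matches the pin $2 that was
# delivered out of band. Against a live server the certificate file would
# first be saved from the output of `openssl s_client -connect host:443`.
verify_pin() {
    presented=$(cert_fingerprint "$1" | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    [ -n "$presented" ] && [ "$presented" = "$expected" ]
}

# Two self-signed certificates carry the same name; only the one whose
# fingerprint was handed over is accepted, so the name alone proves nothing.
pin_demo() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/other"
    make_self_signed dev.example.test "$demo_dir" || return 1
    make_self_signed dev.example.test "$demo_dir/other" || return 1
    demo_pin=$(cert_fingerprint "$demo_dir/dev.example.test.crt")
    demo_rc=0
    verify_pin "$demo_dir/dev.example.test.crt" "$demo_pin" || demo_rc=1
    if verify_pin "$demo_dir/other/dev.example.test.crt" "$demo_pin"; then
        demo_rc=1
    fi
    rm -rf "$demo_dir"
    return "$demo_rc"
}

pin_demo && echo "pinned certificate accepted, same-name certificate rejected"
```
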
