From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1Ec7oo-0001L4-3V for garchives@archives.gentoo.org; Tue, 15 Nov 2005 20:54:18 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jAFKrKfi006158; Tue, 15 Nov 2005 20:53:20 GMT Received: from flower.jolet.net (cpe-24-27-31-221.austin.res.rr.com [24.27.31.221]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jAFKme0k022336 for ; Tue, 15 Nov 2005 20:48:40 GMT Received: from localhost (localhost.localdomain [127.0.0.1]) by flower.jolet.net (Postfix) with ESMTP id 183D818036 for ; Tue, 15 Nov 2005 14:48:39 -0600 (CST) Received: from flower.jolet.net ([127.0.0.1]) by localhost (flower.jolet.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 05354-06 for ; Tue, 15 Nov 2005 14:48:38 -0600 (CST) Received: from [192.168.1.51] (unknown [192.168.1.1]) by flower.jolet.net (Postfix) with ESMTP id 5C21418031 for ; Tue, 15 Nov 2005 14:48:38 -0600 (CST) From: John Jolet To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] OT - SSL certificate authorities Date: Tue, 15 Nov 2005 14:48:50 -0600 User-Agent: KMail/1.8.1 References: <437A4861.7050500@gmail.com> In-Reply-To: <437A4861.7050500@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200511151448.50830.john@jolet.net> X-Virus-Scanned: by amavisd-new at jolet.net X-Archives-Salt: 65daa96f-e19f-4ba1-a89c-bdbb1c27ce0f X-Archives-Hash: f1318bdd581bc450a2908bbc10616e66 On Tuesday 15 November 2005 14:43, Antoine wrote: > Hi, > We are going to set up ssl on a webserver at work and I guess that means > we need a certificate... does anyone have any useful alternatives to > Verisign? Are they really worth the name? > We are not going to be doing any monetary transactions but our clients > are very security conscious (who isn't!) and I have no experience in > these matters. I am certain the boss will want verisign, as he buys a > lot of stuff just for the name but if I can offer him a comparable > alternative at a fraction of the cost he may go for it. > Cheers > Antoine Well, from a security aspect, you can't get more secure than being your own ca. you sign all your own certificates. of course, then the clients will see that your ca isn't trusted, but who the hell trusts verisign these days? not me. not after that search engine crud they pulled a few years ago. -- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net john@jolet.net -- gentoo-user@gentoo.org mailing list