From owner-freebsd-hackers Mon Feb 10 6:18:46 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E388737B401 for ; Mon, 10 Feb 2003 06:18:44 -0800 (PST) Received: from mout2.freenet.de (mout2.freenet.de [194.97.50.155]) by mx1.FreeBSD.org (Postfix) with ESMTP id DD53443FBD for ; Mon, 10 Feb 2003 06:18:43 -0800 (PST) (envelope-from ino-qc@spotteswoode.de.eu.org) Received: from [194.97.50.136] (helo=mx3.freenet.de) by mout2.freenet.de with asmtp (Exim 4.12) id 18iEle-0004tL-00 for freebsd-hackers@FreeBSD.ORG; Mon, 10 Feb 2003 15:18:42 +0100 Received: from p3e9baaf6.dip.t-dialin.net ([62.155.170.246] helo=spotteswoode.dnsalias.org) by mx3.freenet.de with asmtp (ID inode@freenet.de) (Exim 4.12 #2) id 18iEle-0003jq-00 for freebsd-hackers@FreeBSD.ORG; Mon, 10 Feb 2003 15:18:42 +0100 Received: (qmail 4186 invoked by uid 0); 10 Feb 2003 14:18:41 -0000 Date: 10 Feb 2003 15:18:41 +0100 Message-ID: <4r7cw75q.fsf@ID-23066.news.dfncis.de> From: "clemens fischer" To: "Terry Lambert" Cc: "Josef Karthauser" , freebsd-hackers@FreeBSD.ORG Subject: Re: Anyone where to get a signed SSL certificate cheap? References: <20030205181724.GB87471@genius.tao.org.uk> <3E416AFA.85AF4F28@mindspring.com> In-Reply-To: <3E416AFA.85AF4F28@mindspring.com> (Terry Lambert's message of "Wed, 05 Feb 2003 11:50:18 -0800") User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.3.50 (i386-unknown-freebsd4.6.2) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Terry Lambert : > Note that many people have older browsers: the older the browser, > the smaller the number of signing authorities they will recognize > by default. Keep this in mind when picking browsers to examine. > > As a general comment, VeriSign does this as well, and tends to get > the signing authority to either raise their price, or, if they will > not, buys them, and raises their price. Certificate signing is fast > becoming a monopoly. these seem to be two reasons for making up ones own root-CA. if people are likely to have to import it anyway, why not give them your own one? also, this monopoly isn't based on something the monopolies really have to themselves. the only true reason to buy a certificate might be the $$ needed to insure or guarantee them before a court of law in case of liability. clemens To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message