Archive of UserLand's first discussion group, started October 5, 1998.

Re: homebrew SSL certificates?

Author:Jason Levine
Posted:3/28/2000; 11:02:32 PM
Topic:IE 5 for Macintosh
Msg #:15757 (In response to 15756)
Prev/Next:15756 / 15758

The whole VeriSign/Thawte business model comes down to that one click.

Sort of -- that click has quite a bit of meaning.

The thing about the cert players that have their authority built into the browser is that they have a certain amount of trust from the community -- when they issue a certificate, they only do so once they can prove that they are doing so correctly, and to a recipient who is valid for the certificate requested. Today, I was frustrated at the hoops that I had to jump through to get my certificate, but in the end, you the end user should be happy that I had to jump through those hoops, because it means that you can trust my certificate to be truly from me. The infrastructure to guarantee this trust is formidible and expensive (I'd imagine), and that's what I pay for when I get my cert.

When you click through that dialog, you're saying that you understand that the certificate has absolutely no trust implied in it. Maybe OpenCA will be able to guarantee that trust, but it takes money and lots of time, and I don't see that.

/jason




This page was archived on 6/13/2001; 4:54:35 PM.

© Copyright 1998-2001 UserLand Software, Inc.