[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

If not StartSSL, the next best CA for individuals?



On 04/12/14 19:40, Eric Mill wrote:
> (Setting aside how awful the CA system is generally...)
> 
> For those who still have a need to participate in it, and for those 
> angry at StartCom's refusal to waive[1][2] revocation fees for their 
> free class 1 certs, what's the best CA for the job?
> 
> Even if not free, I'm looking to recommend[3] something priced 
> attractively for individuals and non-commercial uses. The friendlier 
> the interface, and the more reliable and principled the customer 
> service, the better.

Read the draft of Peter Gutmann's big book called Security Engineering. [1]

It tell (among things) the story that people accept scary warnings a
signal that a site is secure. Even if the opposite it true.

I suggest to create a self-signed certificate. (Unless you're a bank as
Firefox warns against that).

Guido.

1: https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140412/acb0106b/attachment.sig>