[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
If not StartSSL, the next best CA for individuals?
On 04/12/14 19:40, Eric Mill wrote:
> (Setting aside how awful the CA system is generally...)
>
> For those who still have a need to participate in it, and for those
> angry at StartCom's refusal to waive[1][2] revocation fees for their
> free class 1 certs, what's the best CA for the job?
>
> Even if not free, I'm looking to recommend[3] something priced
> attractively for individuals and non-commercial uses. The friendlier
> the interface, and the more reliable and principled the customer
> service, the better.
Read the draft of Peter Gutmann's big book called Security Engineering. [1]
It tell (among things) the story that people accept scary warnings a
signal that a site is secure. Even if the opposite it true.
I suggest to create a self-signed certificate. (Unless you're a bank as
Firefox warns against that).
Guido.
1: https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140412/acb0106b/attachment.sig>