On Fri, 2005-11-25 at 10:28 -0800, Daniel B. Thurman wrote: > Finally, does anyone supply their own CA avoiding "trusted" > CA sites such as Verisign/Thwait.etc.? Is there really any > serious problems or risk by not using them as a trusted CA > source? Depends on your purposes. e.g. If you were offering a service to the public, they'd need to know that you're who you say you are. A trustable third party is usually the only feasible way of doing that. e.g. If you just wanted to use SSL within your own network to prevent snooping, and had your own way of verifying that you were connecting to the right box, then a third party confirming that isn't needed. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
