On Tue, 2009-03-31 at 10:42 -0500, Bruno Wolff III wrote: > On Tue, Mar 31, 2009 at 12:27:08 +0100, > Bill Crawford <billcrawford1970@xxxxxxxxx> wrote: > > On Monday 30 March 2009 20:12:45 Bruno Wolff III wrote: > > > > > CAs that charge extra in order to sign certs that have flag set to > > > indicate that they can sign other certs in subdomains should be boycotted. > > > > This is actually a rotten idea. If you need internal testing systems, or to > > dynamically create them as needed, or you want to run shared hosting using SSL > > (as we do for internal testing, since our application requires SSL enabled) > > then being able to sign your own sub-domains and / or have a wildcard are > > pretty much essential. > > I was complaining about ripping people off by charging exhorbitant amounts > for signing keys, not that people / orgs shouldn't be able to get them. > Verisign does that to protect revenue, not for security reasons. ---- why does a dog lick themselves between the legs? because they can. Everyone is free to choose to purchase certificates from any well known certificate authority and it doesn't have to be Verisign. I don't know that they are exorbitant, I know that unless I am selling something to the public and don't want to scare the bejeebus out of them by offering a self-signed certificate, I'm not buying. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
