AW: ot: accepting self certs into win pc?

Stephan von Krawczynski skraw at ithnet.com
Tue Jun 24 15:15:21 UTC 2014


On Tue, 24 Jun 2014 17:03:09 +0200
Patrick De Zordo <patrick at spamreducer.eu> wrote:

> Don't use self signed certs! - Buy some, or use free services! Your reputation will grow!

I am sorry, but someone _has_ to say it: if anyone really thinks that a south
african or US entity selling certs is the way to "grow your reputation" this
alone should tell you that the whole thing is nothing but a bogus _business_.
It has zero to do with security or the like. It is a _business_ and it should
be obvious that you will only be lied by the corresponding entity if something
bad happened (probably for years). Look at the diginotar story and _learn_.

The only way to make certs worth using again is to create a way every client
can verify a self-signed certificate by some kind of dns pointer inside the
questionable domain and/or the certificate.

You cannot prove the correctness of a third party entity, and that's why there
is no reputation at all. 

> Cheers!

Yes, have a beer...

-- 
Regards,
Stephan



More information about the dovecot mailing list