Am 24.06.2014 17:25, schrieb Patrick De Zordo:
-----Ursprüngliche Nachricht----- Von: dovecot [mailto:dovecot-bounces@dovecot.org] Im Auftrag von Stephan von Krawczynski Gesendet: Dienstag, 24. Juni 2014 17:15 An: Patrick De Zordo Cc: 'Dovecot Mailing List' Betreff: Re: AW: ot: accepting self certs into win pc?
On Tue, 24 Jun 2014 17:03:09 +0200 Patrick De Zordo <patrick@spamreducer.eu> wrote:
Don't use self signed certs! - Buy some, or use free services! Your reputation will grow!
I am sorry, but someone _has_ to say it: if anyone really thinks that a south african or US entity selling certs is the way to "grow your reputation" this alone should tell you that the whole thing is nothing but a bogus _business_. It has zero to do with security or the like. It is a _business_ and it should be obvious that you will only be lied by the corresponding entity if something bad happened (probably for years). Look at the diginotar story and _learn_.
[De Zordo Patrick] Basically true if using some "strange" certs providers. The cert providers proven by big software companies should be the safe way
please stop to prove that you have no clue how certs are working
it does not matter who signed *your* cert the problem is that any client trust *thousands* of CA's *any* of them can sign to anybody a cert preteding he is you you can't do anything against that
if someone gets a certificate for yourdomain.tld and manages the client to connect to his server instead yours you have no way to take notice, the user have no way to notice and the game is over