-----Original Message-----
From: dovecot [mailto:dovecot-bounces@dovecot.org] On Behalf Of Stephan von Krawczynski
Sent: Tuesday, 24 June 2014 17:15
To: Patrick De Zordo
Cc: 'Dovecot Mailing List'
Subject: Re: AW: ot: accepting self certs into win pc?
On Tue, 24 Jun 2014 17:03:09 +0200 Patrick De Zordo <patrick@spamreducer.eu> wrote:
Don't use self signed certs! - Buy some, or use free services! Your reputation will grow!
I am sorry, but someone _has_ to say it: if anyone really thinks that a South African or US entity selling certs is the way to "grow your reputation", this alone should tell you that the whole thing is nothing but a bogus _business_. It has zero to do with security or the like. It is a _business_ and it should be obvious that you will only be lied to by the corresponding entity if something bad happened (probably for years). Look at the DigiNotar story and _learn_.
[De Zordo Patrick] Basically true if using some "strange" cert providers. The cert providers proven by big software companies should be the safe way.
The only way to make certs worth using again is to create a way every client can verify a self-signed certificate by some kind of DNS pointer inside the questionable domain and/or the certificate.
You cannot prove the correctness of a third party entity, and that's why there is no reputation at all.
[De Zordo Patrick] ??
Cheers!
Yes, have a beer...
[De Zordo Patrick] I will, I will..
-- Regards, Stephan