On Tue, 24 Jun 2014 17:03:09 +0200 Patrick De Zordo patrick@spamreducer.eu wrote:
Don't use self signed certs! - Buy some, or use free services! Your reputation will grow!
I am sorry, but someone _has_ to say it: if anyone really thinks that a south african or US entity selling certs is the way to "grow your reputation" this alone should tell you that the whole thing is nothing but a bogus _business_. It has zero to do with security or the like. It is a _business_ and it should be obvious that you will only be lied by the corresponding entity if something bad happened (probably for years). Look at the diginotar story and _learn_.
The only way to make certs worth using again is to create a way every client can verify a self-signed certificate by some kind of dns pointer inside the questionable domain and/or the certificate.
You cannot prove the correctness of a third party entity, and that's why there is no reputation at all.
Cheers!
Yes, have a beer...
-- Regards, Stephan