AW: ot: accepting self certs into win pc?
Stephan von Krawczynski
skraw at ithnet.com
Tue Jun 24 15:15:21 UTC 2014
On Tue, 24 Jun 2014 17:03:09 +0200
Patrick De Zordo <patrick at spamreducer.eu> wrote:
> Don't use self signed certs! - Buy some, or use free services! Your reputation will grow!
I am sorry, but someone _has_ to say it: if anyone really thinks that a south
african or US entity selling certs is the way to "grow your reputation" this
alone should tell you that the whole thing is nothing but a bogus _business_.
It has zero to do with security or the like. It is a _business_ and it should
be obvious that you will only be lied by the corresponding entity if something
bad happened (probably for years). Look at the diginotar story and _learn_.
The only way to make certs worth using again is to create a way every client
can verify a self-signed certificate by some kind of dns pointer inside the
questionable domain and/or the certificate.
You cannot prove the correctness of a third party entity, and that's why there
is no reputation at all.
Yes, have a beer...
More information about the dovecot