AW: AW: ot: accepting self certs into win pc?

Patrick De Zordo patrick at
Tue Jun 24 15:25:30 UTC 2014

> -----Ursprüngliche Nachricht-----
> Von: dovecot [mailto:dovecot-bounces at] Im Auftrag von
> Stephan von Krawczynski
> Gesendet: Dienstag, 24. Juni 2014 17:15
> An: Patrick De Zordo
> Cc: 'Dovecot Mailing List'
> Betreff: Re: AW: ot: accepting self certs into win pc?
> On Tue, 24 Jun 2014 17:03:09 +0200
> Patrick De Zordo <patrick at> wrote:
> > Don't use self signed certs! - Buy some, or use free services! Your
> reputation will grow!
> I am sorry, but someone _has_ to say it: if anyone really thinks that a south
> african or US entity selling certs is the way to "grow your reputation" this
> alone should tell you that the whole thing is nothing but a bogus _business_.
> It has zero to do with security or the like. It is a _business_ and it should be
> obvious that you will only be lied by the corresponding entity if something
> bad happened (probably for years). Look at the diginotar story and _learn_.
[De Zordo Patrick] 
Basically true if using some "strange" certs providers. The cert providers proven by big software companies should be the safe way.

> The only way to make certs worth using again is to create a way every client
> can verify a self-signed certificate by some kind of dns pointer inside the
> questionable domain and/or the certificate.
> You cannot prove the correctness of a third party entity, and that's why there
> is no reputation at all.
[De Zordo Patrick] 
> > Cheers!
> Yes, have a beer...
 [De Zordo Patrick] 
I will, I will..

> --
> Regards,
> Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6281 bytes
Desc: not available
URL: <>

More information about the dovecot mailing list