[olug] Web Site Certificates - OT

Will Langford unfies at gmail.com
Thu Jul 31 21:57:12 UTC 2008


re: CACert

Alright, time for a fun question.

You get an SSL cert saying you own a given IP / domain name blah blah blah.
It's signed against some master certificate.

Now.

If an SSL cert is invalid or is spoofed or however you wanna befall evil,
can you return to the original root cert issuer and complain? Can someone
be held liable? What if the original root cert gets compromised and
someone creates some bogus signages?

In short -- while having a central trusted signing area is needed, is it
generally a farce to charge more than a buck or two for the service because
some automated script generates signage for the client to use on their
domains? How does $200 buy you better protection than $2? How does the
$20/year I pay maintain the original ~4k of data that the master cert is?
For my $20 do I get retribution if evil is afoot?

-Will


