[nycphp-talk] The SSL Certificate Scam

Adrian Noland anoland at indigente.net
Tue Dec 3 15:00:44 EST 2013


Sorry this is a bit late....

Check out the convergence.io project. Covers all the bases you mentioned.



On Mon, Nov 25, 2013 at 11:15 AM, Gary A. Mort <garyamort at gmail.com> wrote:

> Warning, this is a lengthy rant/vent on the state of SSL certificates as
> used on websites today.
>
> https://plus.google.com/117506461184749864074/posts/PqHMSjsY5hp
>
> The summary is:
> I don't feel that purchasing SSL Certificates from "Trusted Third Parties"
> as defined by Google, Microsoft, and Mozilla is currently worthwhile. If
> you're using them for security, set up your own internal CA with a couple of
> roots and issue certs for your own usage. It's more secure because then
> YOU are the one who decided to trust the CA. Moreover, it is more secure
> because YOU can set much shorter expiration [why wait a whole year? Expire
> it in a month and generate a new one!] so if a cert is stolen it will
> expire soon - and YOU can revoke certificates that are being used
> fraudulently.
>
> The only benefit to purchasing an SSL Certificate is marketing. There are
> a few people who will choose not to purchase a product if the SSL
> Certificate doesn't "look right".  However, considering the large number of
> active e-commerce websites taking orders today using expired certificates -
> I think the number of sales lost is minimal.
>
> I do see a purpose to trusted third parties - it is just the current
> system which is flawed.