Firewall Wizards mailing list archives

Re: Certificate Authorities

From: "Chuck Swiger" <chuck () codefab com>
Date: Thu, 21 Oct 1999 12:13:08 -0400

On Wed, 20 Oct 1999 11:25:34 -0700, Joe Ippolito wrote:

Is the expense of having an outside source provide CA keys for
my organization justified if I properly protect my own CA server
on-site?


That depends on what you want to do with them.

Let's assume you want to utilize X.509 certificates for doing SSL, either  
for HTTPS or for IMAP/POP over SSL.  If you do not get a certificate with a  
well-known CA, every client will have to add your local CA server to their  
browser's list of trusted root certification authorities.

That's doable for your companies' employees, although it's a fair amount of  
work.  Of course, if you were providing a web site to the Internet at large  
(for an online store or whatever), you cannot expect the public to trust your  
CA server.

-Chuck

      Charles Swiger | chuck () codefab com | Bad cop!  No Donut.
       ---------------+-------------------+--------------------
       I know you are an optimist if you think I'm a pessimist.

Current thread:

Certificate Authorities Joe Ippolito (Oct 20)
- Re: Certificate Authorities Adam Shostack (Oct 21)
- Re: Certificate Authorities Chuck Swiger (Oct 21)
- <Possible follow-ups>
- Re: Certificate Authorities Bill_Royds (Oct 21)
- RE: Certificate Authorities Litney, Tom (Oct 22)
  - Re: Certificate Authorities Bennett Todd (Oct 22)