Firewall Wizards mailing list archives
Re: Certificate Authorities
From: "Chuck Swiger" <chuck () codefab com>
Date: Thu, 21 Oct 1999 12:13:08 -0400
On Wed, 20 Oct 1999 11:25:34 -0700, Joe Ippolito wrote:
Is the expense of having an outside source provide CA keys for my organization justified if I properly protect my own CA server on-site?
That depends on what you want to do with them. Let's assume you want to utilize X.509 certificates for doing SSL, either for HTTPS or for IMAP/POP over SSL. If you do not get a certificate with a well-known CA, every client will have to add your local CA server to their browser's list of trusted root certification authorities. That's doable for your companies' employees, although it's a fair amount of work. Of course, if you were providing a web site to the Internet at large (for an online store or whatever), you cannot expect the public to trust your CA server. -Chuck Charles Swiger | chuck () codefab com | Bad cop! No Donut. ---------------+-------------------+-------------------- I know you are an optimist if you think I'm a pessimist.
Current thread:
- Certificate Authorities Joe Ippolito (Oct 20)
- Re: Certificate Authorities Adam Shostack (Oct 21)
- Re: Certificate Authorities Chuck Swiger (Oct 21)
- <Possible follow-ups>
- Re: Certificate Authorities Bill_Royds (Oct 21)
- RE: Certificate Authorities Litney, Tom (Oct 22)
- Re: Certificate Authorities Bennett Todd (Oct 22)