Slashdot Mirror

← Back to Stories (view on slashdot.org)

Self-Regulating SSL Certificate Authority?

Posted by Cliff on from the doing-it-on-our-own dept.

bcg asks: "It has come that time again to renew some of my SSL certificates and part with substantial amounts of cash. This has got me thinking - why should we pay large amounts of cash for authorized certs when so little is done by the companies issuing them? Sure they get you to send them a copy of a business certificate but how does this prove the character of those running the SSL server? What ideas can we come up with for a self-regulating certification authority? Could we set something up along the lines of the many free DNS servers around but use it to authenticate SSL certs?" We last touched on this subject in October, when someone was searching for cheap SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?

3 of 269 comments (clear)

  1. I'm impressed by Amsterdam+Vallon · · Score: 5, Funny
    Posted by Cliff:
    We last touched on this subject in October, when someone was searching for cheap SSL certs. We've also discussed why certs are so expensive. Why not take it one step further and discuss ways of making and authenticating our own certs for free...or as close to free as possible?
    Ladies and gentleman, a round of applause for the only Slashdot editor who reads Slashdot!
    --

    Reply or e-mail; don't vaguely moderate. Ex-O'Reilly/MIT employee, now a full-time Google employee.
  2. SSL authorities by BlackMagi · · Score: 2, Funny

    I'm so used to mis-constructed (read self-signed, out of date, poorly named, etc) certificates that after a few moments of consideration, I usually just click "yes" to trust these things. Anyone out there who wants to start a backyard signing authority can just go for it. Just call your company FreeCert, put up some futzy web page and don't charge a cent. Freeloading certificate-junkies will come flowing to your website generating certificates. They can then put up weenie graphic-links back to your site as payment, and you can sponsor the crapped out server you've got with banner signs and t-shirts with "FreeCert Forever - They'll Never Take Our Freedom" sold online through the online shopping e-commerce solution you've whipped up. Choose life. Choose a sofa. Choose 1024-bit encryption. Choose a f$%#ng great motherboad with dual CPUs. Choose Linux. I chose not to choose linux. I chose something else...

    -BM

    --
    http://melbournephilosophy.com/
  3. Re:Just say no... by goatasaur · · Score: 2, Funny

    "Start out with something like "Microsoft wants to install a Service Pack Upgrade"."

    If you're going for increasing levels of danger, shouldn't that be the last one?

    --
    ~D: