Posted by michael from the snake-oil-enterprises dept.
lisam writes "Rob Flickenger shows how to become your own Certificate Authority, and sign your own, or others', SSL certificates in this onlamp.com article. (He also manages to mention fnords and deny responsibility for the Microsoft Corporation cert snafu.)"
This is important, but...
by rw2 · Score: 4, Insightful
It's important that people understand how to do this, but what is missing is some way to understand whether or not to trust a CA. Until your grandma can trivially decide to trust rw2's CAnonical Enterprises, Inc., signing by anyone but the handful of big boys is the most reasonable thing to do.
Re:This is important, but...
by Sloppy · Score: 5, Insightful
No one can really answer that, because there isn't any way for Grandma to know whether or not she can trust a CA. Even if it's the big guys or if it comes with her browser. I mean, from Grandma's point of view, who the hell is Verisign and what did they ever do to merit trust? At best they're just some faceless corporation she's never heard of or dealt with. A cracker CA named "Integro-Trust Digital Signature National Registry (Fidelity Verified)" would have an even better-looking name than "Verisign."
I don't think you can have real trust without users understanding how things work. Grandma is screwed.
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The information that the article mentions above has been readily available online in various howtos.
Just follow the instructions that come with OpenSSL or mod_ssl.
Why is it that Slashdot found it 'news' worthy?
While I frequently find valuable information in O'Reilly's articles, such as this one, this one is nothing but fluff; purely a plug for the author's book. The exact info is available in the docs that come with OpenSSL, as well as in the OpenSSL animal book.