One issue with this approach is that there are several legitimate reasons for changing the certificate on a server. What if you get a new server and want to get a new key? What if your private key is compromised? What if you want to upgrade to a different type of certificate that you can use on many different sites and machines (UC, Wildcard, EV, etc.)? What about when you renew your SSL certificate every year?
And certificate authorities email your certificate "in the clear" because that is exactly what you do when you put it on your site. It is called a "public" key for a reason. It can't be used without the private key so it doesn't matter if everyone in the world has it.
Even if CACert issued "short-lived" certificates, they wouldn't be added to the CRL. The expiration of the certificates is embedded within them. They would only be added to the revocation list if they needed to be revoked before the expiration date in the certificate.
That is certainly an extremely large CRL but you can't conclude just from that that CACert's loose verification is being severely exploited because a certificate can be added to a revocation list for several reasons. One common one is when a certificate is reissued to use a new private/public key pair.
Even still, a 1.9MB CRL is ridiculously large and one of the "services" of a good CA is keeping the CRL small to help speed up the SSL connection process.
Just watched it. I don't think the marketing department has much to worry about. The film was incredible.
Seriously one of the best movies I've seen and easily the best comic-book movie ever released.
Rotten Tomatoes backs it up: 94% fresh.
That does make a lot of sense but if the "non-passive" activity provides the same relaxation factor then I think TV could be easily replaced with more interactive activities.
Playing WoW for several hours everyday after work can seem like just another job but there is something about it that makes it just as relaxing as watching a sitcom.
Exactly! There is a lot of confusion about what the real purpose of SSL Certificates is. Most people think they are good for encryption and therefore a domain validated certificate, issued within a few minutes, is all you need. This is true in many cases (internal server, mail server, etc...)
However, a public site (e.g. e-commerce) that is trying to gain visitors trust requires more than just a domain validated certificate, even if it gets rids of all the error messages. Though some people consider them solely a money-making tool for VeriSign, there are several studies that show that EV SSL Certificates actually work to increase conversion rates: http://www.sslshopper.com/article-verisign-secured-seal-increases-sales-by-31.html
Slashdot Mirror
One issue with this approach is that there are several legitimate reasons for changing the certificate on a server. What if you get a new server and want to get a new key? What if your private key is compromised? What if you want to upgrade to a different type of certificate that you can use on many different sites and machines (UC, Wildcard, EV, etc.)? What about when you renew your SSL certificate every year?
And certificate authorities email your certificate "in the clear" because that is exactly what you do when you put it on your site. It is called a "public" key for a reason. It can't be used without the private key so it doesn't matter if everyone in the world has it.
Even if CACert issued "short-lived" certificates, they wouldn't be added to the CRL. The expiration of the certificates is embedded within them. They would only be added to the revocation list if they needed to be revoked before the expiration date in the certificate.
That is certainly an extremely large CRL but you can't conclude just from that that CACert's loose verification is being severely exploited because a certificate can be added to a revocation list for several reasons. One common one is when a certificate is reissued to use a new private/public key pair. Even still, a 1.9MB CRL is ridiculously large and one of the "services" of a good CA is keeping the CRL small to help speed up the SSL connection process.
ooooh. That is elegant! No wonder Google is the best.
You should feel lucky that it is your brother and not yourself addicted to this madness.
Just watched it. I don't think the marketing department has much to worry about. The film was incredible. Seriously one of the best movies I've seen and easily the best comic-book movie ever released. Rotten Tomatoes backs it up: 94% fresh.
That does make a lot of sense but if the "non-passive" activity provides the same relaxation factor then I think TV could be easily replaced with more interactive activities. Playing WoW for several hours everyday after work can seem like just another job but there is something about it that makes it just as relaxing as watching a sitcom.
Exactly! There is a lot of confusion about what the real purpose of SSL Certificates is. Most people think they are good for encryption and therefore a domain validated certificate, issued within a few minutes, is all you need. This is true in many cases (internal server, mail server, etc...)
However, a public site (e.g. e-commerce) that is trying to gain visitors trust requires more than just a domain validated certificate, even if it gets rids of all the error messages. Though some people consider them solely a money-making tool for VeriSign, there are several studies that show that EV SSL Certificates actually work to increase conversion rates: http://www.sslshopper.com/article-verisign-secured-seal-increases-sales-by-31.html