[CLUE-Admin] SSL cert for CLUE
David Anselmi
anselmi at anselmi.us
Fri Apr 16 18:03:43 MDT 2004
CLUE President wrote:
[...]
> This may be handy for such a low price ($39 per year). The cheapest I saw
> previously was $89 per year from go daddy.
>
> http://www.freessl.com/index.html
Well, the good news is that their CA cert is included in Mozilla.
Generally though I don't think CAs provide any value added so even $39
is too much.
I would make my own CA and sign my own certs. Put the root on the CLUE
web site with prominent directions on installing it (that's what DoD
does, since they have their own CA). Send the cert fingerprint out to
CLUE-Announce, put it in your sig, announce it at meetings, and so on
and you've got better security than buying one from FreeSSL or Verisign.
(Interesting that they signed their site with their root CA cert
rather than a subordinate signing cert like DoD does. But they are
almost certainly lower assurance than DoD.)
Of course, if no one understands how a CA works then $39 is a bargain.
OTOH, why bother with a cert? What threat are we countering? Aren't
there a dozen more immediate that we should worry about (like keeping
things patched)?
Dave
More information about the clue-admin
mailing list