Re: Installing Certificates . Why?? help please

On Mon, 27 Aug 2007 10:48:35 +0200, Jim Watt wrote:

On Sun, 26 Aug 2007 12:09:23 GMT, "Galadrial"
<galadrial@xxxxxxxxxxxxxxxxxxxxxx> wrote:

I know little about security certificates but am following advice to check
the details when using an HTTPS site. Can anyone tell me what the Install
Certificate option is when I check, for instance GRC's certificate?

Thanks for your time

I think Certificates on a web server have three uses

1. To show that the site is genuine
2. To encrypt the session
3. To generate an income for the certificate authority (CA)

Because the CA takes reasonable care not to issue, for
example a certificate saying 'Microsoft' to joe hacker
then it establishes trust that you really are dealing
with say, Microsoft.

If you can trust that the site you are using really
is genuine, and it happens to be someone who has generated
his own certificate, because they know how and wish to
avoid paying a CA, then its OK to add it to your browser.

The CA root certificates get added automatically by the
browser authors, but obviously they do not cater for people
who 'roll their own' so there is the provision to add them
yourself, under caution.

For a serious e-commerce website, its a false economy to
do this, although I do know a large bank who use the wrong
certificate on their electronic banking site. For a small
e-commerce site, like GRC's its reasonable.

You either trust him or you don't. I use spinrite and
its saved my arse, and he did pick up on the 'real downloader'
spyware issue rather well when I mentioned it to him, so I
think he is OK, Sebastian seems to be of the other view.

Not that it matters much.

Complicating the CA issue is Comodo's free issuance of CAs.
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"