Re: SSL Certificate - Self-Generated vs 3rd Party ?
From: Dimitri Maziuk (email@example.com)
From: Dimitri Maziuk <firstname.lastname@example.org> Date: Mon, 10 Mar 2003 06:57:34 +0000 (UTC)
> My company is going to use SSL to communicate with a business partner;
> that is we are trusted parties. I realize that the only way to
> guarantee true identity is to use a 3rd party certificate manager like
Why? Verisign tells you that "someone who claims to be such-and-such
paid us to tell everyone that this particular key belongs to them".
Your business partner, OTOH, can write their key fingerprint on a
piece of paper and bring it to your office. Why would anyone rather
trust Verisign than people they know and work with?
-- Yes, Java is so bulletproofed that to a C programmer it feels like being in a straightjacket, but it's a really comfy and warm straightjacket, and the world would be a safer place if everyone was straightjacketed most of the time. -- Mark 'Kamikaze' Hughes