Re: How can I act as a Certificate Authority (CA) with openssl ??

From: Bruno Wolff III (bruno_at_cerberus.csd.uwm.edu)
Date: 09/28/04

  • Next message: Dr. David Kirkby: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
    Date: 28 Sep 2004 19:56:09 GMT
    
    

    In article <c99d2c79.0409280255.cbb9e6d@posting.google.com>, Dr. David Kirkby wrote:
    > But as far as I am aware, there is nothing legally (in the UK at
    > least) stopping me signing a digital certificate, verifying the
    > identity of someone else, then putting that on a web site. Of course,
    > whether a third party chooses to trust me is entirely up to them.
    > Being a 'nobody', I don't suppose others would attach too much weight
    > to it.

    There isn't. From what you said the only reason for you to consider
    paying for a certificate is that it might be simpler for you.

    The "Mickey Mouse" comment was wrong as well. You might run into a trademark
    problem if you were selling certificates using "Mickey Mouse" as the
    organization name, but for your own private certs this isn't a problem.
     
    > I can see that the cost of certificates might make some companies
    > think about doing their own. If the securtiy office, or HP department
    > of a company wishes to sign digital signatures for staff, I can't see
    > why they should not do so. I'm sure if Microsoft signed their own
    > certificates, in a way verifyable from the homepage of
    > www.microsoft.com, that would satisfy most poeple.

    The main problem with doing your own and not controlling the browsers
    used to access the web site is that people will get scary warnings
    from their browser. The browser maker and cert orgs like this since
    companies with pay money to the cert companies to avoid scaring away
    customers and the cert companies pay the browser companies to include
    their certs as trusted by default. The whole thing is a big scam as
    it doesn't protect people from going a different site than they meant
    that also has a valid cert and it doesn't protect information stored
    at the remote site. Most credit card theft from web transactions is
    going to come from data that is stored at the remote site, not by
    sniffing it in transit.


  • Next message: Dr. David Kirkby: "Re: How can I act as a Certificate Authority (CA) with openssl ??"

    Relevant Pages

    • Re: How can I act as a Certificate Authority (CA) with openssl ??
      ... then putting that on a web site. ... problem if you were selling certificates using "Mickey Mouse" as the ... The browser maker and cert orgs like this since ...
      (sci.crypt)
    • Re: PayPal: Steer clear of Safari
      ... If you're using Apple's Safari browser, PayPal has some advice for you: ... called Extended Validation certificates. ... and they've been used on PayPal's Web site for more ...
      (comp.sys.mac.apps)
    • PayPal: Steer clear of Safari
      ... If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. ... An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. ...
      (comp.sys.mac.apps)
    • OT: PayPal: Steer clear of Safari
      ... If you're using Apple's Safari browser, PayPal has some advice for you: Drop it, at least if you want to avoid online fraud. ... An emerging technology, EV certificates are already supported in Internet Explorer 7, and they've been used on PayPal's Web site for more than a year now. ...
      (rec.collecting.coins)
    • Re: How can I act as a Certificate Authority (CA) with openssl ??
      ... then putting that on a web site. ... > paying for a certificate is that it might be simpler for you. ... The browser maker and cert orgs like this since ...
      (sci.crypt)