[olug] Web Site Certificates - OT
Will Langford
unfies at gmail.com
Fri Aug 8 22:24:40 UTC 2008
On Fri, Aug 8, 2008 at 5:02 PM, Dan Anderson <dan-anderson at cox.net> wrote:
> I think the slashdot comments covered this topic pretty well, but...
>
When I read the first little bit from the link / article -- I immediately
dismissed it as hogwash. I think self signed certs should pop up a warning,
et al and that the author was just full of hot air.
As a quick response to trust vs encryption stuff... maybe I don't need a
high level of trust, but would enjoy a 'secureish' transport ? I know that
they are quite hand in hand, but what if the intention of the 'server' side
isnt necessarily to proove that it's OLUG Enterprises, but rather just offer
a secure-ish transport ?
While it's a horrid solution that should never see the light of day (because
of encouraing user ignorant bliss to destruction) -- something where a cert
claims to only be used in encryption, not in trust ?
Perhaps... a seamless non-trust solution similar to apache gzipping web
pages before sending them to the client which transparently ungzips them ?
As such, you could enable an encrypted transport without requiring all the
bells and whistles and warnings of a trust based SSL cert ?
-Will
More information about the OLUG
mailing list