Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   NZ Computing (http://www.velocityreviews.com/forums/f47-nz-computing.html)
-   -   SSL Certificates (http://www.velocityreviews.com/forums/t568241-ssl-certificates.html)

madknoxie 10-27-2003 02:51 AM

SSL Certificates
 
I'm very interested to know: where do you get/purchase your SSL
certificates from?

--
madknoxie
$35 .nz domain names: http://www.ivision.co.nz/

Adam Warner 10-27-2003 04:56 AM

Re: SSL Certificates
 
Hi madknoxie,

> I'm very interested to know: where do you get/purchase your SSL
> certificates from?


InstantSSL/Comodo are extremely competitive. Be aware that there is
nothing instant about the process of obtaining a genuine certificate (in
contrast to a trial certificate): <http://www.instantssl.com/>

Note also that "Instant SSL is inherently trusted by 99.3% of the current
Internet population. This makes Instant SSL as equally trusted as more
expensive Certificates from Verisign and Thawte."

You shouldn't need the pro/premium stuff. Though I'd love a wildcard
certificate (otherwise you'd need two certificates to "secure"
website.co.nz and www.website.co.nz. Think carefully about which domain
name your customers use by default).

Regards,
Adam

madknoxie 10-27-2003 05:27 AM

Re: SSL Certificates
 
In article <pan.2003.10.27.04.56.34.981411@consulting.net.nz> ,
Adam Warner <usenet@consulting.net.nz> wrote:

> Hi madknoxie,
>
> > I'm very interested to know: where do you get/purchase your SSL
> > certificates from?

>
> InstantSSL/Comodo are extremely competitive. Be aware that there is
> nothing instant about the process of obtaining a genuine certificate (in
> contrast to a trial certificate): <http://www.instantssl.com/>


Yeah, I was considering Comodo until I read these:
http://www.sslreview.com/content/baltimore_sale.html
http://www.whichssl.org/content/comodo_spam.html


> You shouldn't need the pro/premium stuff. Though I'd love a wildcard
> certificate (otherwise you'd need two certificates to "secure"
> website.co.nz and www.website.co.nz. Think carefully about which domain
> name your customers use by default).


Thanks, I wondered what all the talk about a Wildcard was. In my case it
shouldn't be much of an issue because I can just provide the entire URL
as the link to the shopping cart..

--
madknoxie
$35 .nz domain names: http://www.ivision.co.nz/

Adam Warner 10-27-2003 07:42 AM

Re: SSL Certificates
 
Hi madknoxie,

>> > I'm very interested to know: where do you get/purchase your SSL
>> > certificates from?

>>
>> InstantSSL/Comodo are extremely competitive. Be aware that there is
>> nothing instant about the process of obtaining a genuine certificate
>> (in contrast to a trial certificate): <http://www.instantssl.com/>

>
> Yeah, I was considering Comodo until I read these:
> http://www.sslreview.com/content/baltimore_sale.html
> http://www.whichssl.org/content/comodo_spam.html


Interesting, thanks! The validity of the facts surrounding the targeted
emails could be material:
<http://www.instantssl.com/ssl-certificate-news/ssl-230603.html>

It certainly appears to be true that Thawte screwed up and are replacing
certificates: <http://www.thawte.com/serial_faq.html>. If Comodo uncovered
this and only contacted affected customers then a public interest argument
could be made that affected customers would want to know about this (I
certainly would, but what's the urgency if it really took 9 months of
investigation? Not letting Thawte inform their customers first was low:
"We will be happy to pass our findings onto Thawte so that they can take
the necessary remedial action to their certificate generation
procedures.")

The earlier link is also troubling. If Comodo goes then the only other
options remaining like Thawte are far more expensive. I didn't come across
anyone else with the same level of browser compatibility as Thawte and
Verisign while also being vastly cheaper.

I don't know how worried you should be about this. If Comodo is now the
second largest certification authority in the world they should be able to
work something out, even if it means losing the widest level of browser
compatibility.

Watch out when comparing prices. A US$49 FreeSSL.com certificate will not
have the same level of trust support in browsers (it appears to be MSIE
5.01+ and Netscape 7 only, which may be sufficient for your purposes). If
you find out about anyone else that can match the same level of
compatibility as Verisign and Thawte but at a similar price to Comodo then
let us know.

Regards,
Adam

T-Boy 10-27-2003 08:14 AM

Re: SSL Certificates
 
In article <madknoxie-509E61.15510527102003@news.orcon.net.nz>,
madknoxie@NOSPICEDHAM.ivision.net.nz says...
> I'm very interested to know: where do you get/purchase your SSL
> certificates from?


I got mine from my PC - W2K Pro - but then I'm not asking "other
people" to trust it.

--
Duncan

Enkidu 10-27-2003 10:19 AM

Re: SSL Certificates
 
On Mon, 27 Oct 2003 21:14:34 +1300, T-Boy <hard@work.ok> wrote:

>In article <madknoxie-509E61.15510527102003@news.orcon.net.nz>,
>madknoxie@NOSPICEDHAM.ivision.net.nz says...
>> I'm very interested to know: where do you get/purchase your SSL
>> certificates from?

>
>I got mine from my PC - W2K Pro - but then I'm not asking "other
>people" to trust it.
>

Why not? If I go to your website to purchase something, all I'm really
worried about is that no one can steal my CC number in transit. If
they can compromise your machine enough to steal your certificate,
they have access to your machine anyway, and presumably my CC number.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.

Adam Warner 10-27-2003 11:31 AM

Re: SSL Certificates
 
Hi Enkidu,

>>I got mine from my PC - W2K Pro - but then I'm not asking "other people"
>>to trust it.
>>

> Why not? If I go to your website to purchase something, all I'm really
> worried about is that no one can steal my CC number in transit. If they
> can compromise your machine enough to steal your certificate, they have
> access to your machine anyway, and presumably my CC number.


Cliff, I could use my computer to generate a certificate duplicating
T-Boy's credentials. Then I hijack your DNS server so that when you type
in T-Boy's website name you reach my server instead. The browser complains
that it can't verify my self-signed certificate masquerading as T-Boy's
just as it complains that it can't verify T-Boy's self-signed certificate.
You won't tell the difference and I won't need to steal T-Boy's
certificate.

What self-signed certificates give you is encryption. They don't give you
an assurance that you are talking to the computer you think you are
talking to.

Regards,
Adam

synergy56@hotmail.com 10-27-2003 12:37 PM

Re: SSL Certificates
 
On Mon, 27 Oct 2003 21:14:34 +1300, T-Boy <hard@work.ok> wrote:

>In article <madknoxie-509E61.15510527102003@news.orcon.net.nz>,
>madknoxie@NOSPICEDHAM.ivision.net.nz says...
>> I'm very interested to know: where do you get/purchase your SSL
>> certificates from?

>
>I got mine from my PC - W2K Pro - but then I'm not asking "other
>people" to trust it.


If you don't need "other people" to trust it then you could have
simply created and signed it yourself.

The whole thing about root certificates etc is authentication. The
encryption is just as good if you generate it yourself.



T-Boy 10-27-2003 01:01 PM

Re: SSL Certificates
 
In article <52sppvg5t8efguah4daju3nnd1opmlj3uf@4ax.com>,
enkidu@cliffp.com says...
> On Mon, 27 Oct 2003 21:14:34 +1300, T-Boy <hard@work.ok> wrote:
>
> >In article <madknoxie-509E61.15510527102003@news.orcon.net.nz>,
> >madknoxie@NOSPICEDHAM.ivision.net.nz says...
> >> I'm very interested to know: where do you get/purchase your SSL
> >> certificates from?

> >
> >I got mine from my PC - W2K Pro - but then I'm not asking "other
> >people" to trust it.
> >

> Why not? If I go to your website to purchase something, all I'm really
> worried about is that no one can steal my CC number in transit. If
> they can compromise your machine enough to steal your certificate,
> they have access to your machine anyway, and presumably my CC number.


.... what Adam said :)


--
Duncan

T-Boy 10-27-2003 01:04 PM

Re: SSL Certificates
 
In article <q74qpv048ejcjdord0q8le04rn6dbalqa7@4ax.com>, synergy56
@hotmail.com says...
> On Mon, 27 Oct 2003 21:14:34 +1300, T-Boy <hard@work.ok> wrote:
>
> >In article <madknoxie-509E61.15510527102003@news.orcon.net.nz>,
> >madknoxie@NOSPICEDHAM.ivision.net.nz says...
> >> I'm very interested to know: where do you get/purchase your SSL
> >> certificates from?

> >
> >I got mine from my PC - W2K Pro - but then I'm not asking "other
> >people" to trust it.

>
> If you don't need "other people" to trust it then you could have
> simply created and signed it yourself.


I have - of course!

>
> The whole thing about root certificates etc is authentication. The
> encryption is just as good if you generate it yourself.


Sure - the encryption's fine - but there's no garuantee on certificate
authenticity, hence it's not trustworthy - are we goin round in circles
here :)


--
Duncan


All times are GMT. The time now is 06:43 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.