Log-in site security

As an addendum to the previous post:

There have been several discussions on the web about certificates and CAs (certificate authorities). In my honest opinion they all boil down to these facts:
* Paid CAs ask for much more bucks than the service is worth. But everyone wants "security", so most people pay 'em.
* Paid CAs pay browser developers to include their root certificates. That's why their signed certs don't show up as "defunct", "insecure", "unknown" or whatever.
* Paid CAs appeared to be insecure several times, be it with leaked or sold and misused root certs, wildcards, cretinism or hacked servers. There is no real reason to trust a paid one more than an established free and open one.
* Paid CAs are okay for webshops, since they often include insurance. But their conditions vary.

CAcert seems to be the only free CA based upon an open community. And that looks much more confidential to me than paid ones which earnestly offer their customers to also generate their *private* key pairs O.o .. every admin solely taking such offers into account should be doomed. Security is a serious concern.

I'd suggest that everyone who visits an encrypted website never blindly trust that page just because the address bar is tinted green, but always check who signed that certificate, learn about the different CAs and their "business practices" .. and finally decide for oneself - upon the mentioned facts - whether to really trust that one or not.

Also I agree with Jarnys' suggestion to allow special chars. ;)

---

[ˈtʌʎˌjaː ˈʃʌtˑənˌtans] - The wog with the whip! Always takin' care for purposive Ryzom development and conductive community behavior via appropriate amounts of well-placed criticism.
Botherin' homins since Aug '06 - Nuttin' ta lose, but a bad rep.
DE, EN, C++, ASM, MHD, ahd, nl (Ik werk eraan als een ploegpaard), it, lat