[conspire] question about "thawte" - how secure are websites covered by thawte

Ehud Kaldor ehud.kaldor at gmail.com
Thu Sep 3 15:07:38 PDT 2009


The biggest advantage of VeriSign (or Thawte, for that matter) is that the
browsers know them (their CA is noted as a trusted one in most browsers [or
is it the OS?]), which prevents the visitor from getting the unpleasant/scary
message that 'the authority for this certificate is unknown' and being forced
to manually accept the cert. I cannot testify to the strength of their
encryption, or if it is better to create a CA on your server and sign the
cert with it.

E


On Thu, Sep 3, 2009 at 3:02 PM, Rick Moen <rick at linuxmafia.com> wrote:

> Quoting Darlene Wallach (freepalestin at dslextreme.com):
>
> > As far as VeriSign goes, I know how to spell it since you wrote it
> > down for me. How secure are websites covered by VeriSign? How likely
> > is it someone can crack the site and get the confidential information
> > protected by VeriSign?
>
> Um... VeriSign, in acting as an SSL Certificate Authority that signs
> customers' https SSL certificates, isn't making any statements
> whatsoever about security behind the scenes at the site.  The SSL cert
> merely makes a kinda-sorta statement about whose SSL cert it is.
> Really, all that happens is that your Web browser doesn't pop up
> a warning about the cert, solely because it detects that the cert
> has been signed by a known CA (that's in the browser's list of CAs
> whose word it's willing to take).
>
> The site in question could easily have been taken over by the Russian
> Mafia, Colombian druglords, _and_ the Bavarian Illuminati, who severally
> and jointly have dug their hooks into the site's back-end databases,
> Web code, etc., and are using the firm's long-term capital assets as
> petty cash funds.  The VeriSign signature will still continue to
> validate on the site SSL cert.
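The point both messages make, that the browser warning depends only on whether the issuing CA is in the client's trust list, can be reproduced with the `openssl` command line. This is an added example, not part of the original thread; the CA names `listed-ca` and `private-ca` and the host `shop.example` are constructed, and both certificates deliberately use identical 2048-bit RSA keys so the only difference is who signed them.

```shell
#!/bin/sh
# Added example (constructed names): listed-ca stands in for a CA shipped in
# the browser's trust list, private-ca for a CA you created on your own server.
work=$(mktemp -d)

# make_ca NAME: create a self-signed CA key and certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# issue CA SITE: generate a site key and CSR, then have CA sign the cert
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$work/$2.$1.key" -out "$work/$2.$1.csr" 2>/dev/null
    openssl x509 -req -in "$work/$2.$1.csr" -days 1 \
        -CA "$work/$1.crt" -CAkey "$work/$1.key" -CAcreateserial \
        -out "$work/$2.$1.crt" 2>/dev/null
}

# check TRUSTED_CA CERT: succeed only if CERT chains to TRUSTED_CA,
# which is what a client does against its list of known CAs
check() {
    openssl verify -CAfile "$work/$1.crt" "$work/$2" >/dev/null 2>&1
}

make_ca listed-ca
make_ca private-ca
issue listed-ca shop.example
issue private-ca shop.example

# The client below trusts only listed-ca. Same site name, same key size,
# same algorithms: only the signer differs.
for cert in shop.example.listed-ca.crt shop.example.private-ca.crt; do
    if check listed-ca "$cert"; then
        echo "$cert: accepted, no warning"
    else
        echo "$cert: issuer not in trust list, client would warn"
    fi
done

# Once the client adds private-ca to its trust list, that cert validates too.
check private-ca shop.example.private-ca.crt && echo "private-ca cert accepted after import"
```

Neither result says anything about the state of the server behind the certificate; the check only covers who signed it.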
