[conspire] question about "thawte" - how secure are websites covered by thawte

Rick Moen rick at linuxmafia.com
Thu Sep 3 15:14:01 PDT 2009


Quoting Ehud Kaldor (ehud.kaldor at gmail.com):

> the biggest advantage of VeriSign (or Thawte, for that matter) is that the
> browsers know them (their CA is noted as a trusted one in most browsers [or
> is it the OS?]), which prevents the visitor from getting the unpleasant/scary
> message that 'the authority for this certificate is unknown' and force the
> user to manually accept the cert.

Right.  The value of one's cert being signed by a major CA is all about 
not raising questions with the users.  It really has nothing to do with 
security.

> I cannot testify to the strength of their encryption, or if it is
> better to create a CA on your server and sign the cert with it.

The problem with the CAs doesn't involve the strength of their
encryption.  There's no problem there. 

The problem lies with their not actually promising what most people
think they do, and with their human-level procedures being so lax that
they (typically) fail to take any meaningful care about whether the
person submitting a cert really does represent the organisation it
claims to represent.




