[conspire] question about "thawte" - how secure are websites covered by thawte
Rick Moen
rick at linuxmafia.com
Thu Sep 3 15:14:01 PDT 2009
Quoting Ehud Kaldor (ehud.kaldor at gmail.com):
> the biggest advantage of VeriSign (or Thawte, for that matter) is that the
> browsers know them (their CA is noted as a trusted one in most browsers [or
> is it the OS?]), which prevents the visitor from getting the unpleasant/scary
> message that 'the authority for this certificate is unknown' and force the
> user to manually accept the cert.

Right. The value of one's cert being signed by a major CA is all about
not raising questions with the users. It really has nothing to do with
security.

> I cannot testify to the strength of their encryption, or if it is
> better to create a CA on your server and sign the cert with it.

The problem with the CAs doesn't involve the strength of their
encryption. There's no problem there.

The problem lies with their not actually promising what most people
think they do, and with their human-level procedures being so lax that
they (typically) fail to take any meaningful care about whether the
person submitting a cert really does represent the organisation it
claims to represent.