On Fri, Mar 13, 2015 at 05:55:53AM -0300, Hugo Osvaldo Barrera wrote: > On 2015-03-13 08:21, Werner Koch wrote: > > On Fri, 13 Mar 2015 00:21, h...@barrera.io said: > > > > > No need for a wildcard one. Just get one free certificate for each > > > subdomain > > > from StartSSL. > > > > Definitely not. It far easier to pay 10 Euro a year for one from > > Gandi. But that is all not an issue, migrating Roundup to a newer > > version is more work. > > > > > > I don't see what's easier (maybe it takes a few minutes less?), nor the point > in paying for something you can have for free with the same quality.
That is precisely the issue with free or even cheap certificates: they are likely *not* of the same quality. A few years ago, I ordered my first certificate from a well-known CA. They charged us $159.00. I *know* that they check up on new applicants: our security officer got a phone call from them, asking if I was legitimately representing the organization. That certificate certified more than just "probably the same host that presented this certificate to you last time." A CA that charges nothing cannot afford to do much (any?) checking of the assertions in my CSR. The resulting signature thus cannot have some of the meaning that a more thoroughly investigated CSR can support. A free cert. may have all of the qualities that you need, but I recommend that you think as carefully about your choice of CA as you do about who you would have sign a PGP key. The more you depend on a certificate for *establishing* trust, the more it's going to cost you, because it's going to cost the issuer more to provide that assurance while protecting his own reputation. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
