[no subject]
In the per-cert realm, both CheapSSL.COM ($8.95/cert/year) and RapidSSL
($49/cert/3year) offer relatively cheap per-cert pricing for one and
three year certs, respectively. Depending on needs, these may be cheaper
or more expensive than StartCom.

I am personally trying out the StartCom free for S/MIME, HTTPS,
SMTPS, and IMAPS right now, and they are working quite nicely thus
far. If the testing goes well with all clients I may upgrade to
their verified product.

One last interesting idea that's not quite ready for prime time.
There's an IETF working group called DANE which has code in Chrome:

https://datatracker.ietf.org/wg/dane/

The idea is pretty simple: DNSSEC sign your zones, and then publish your
own key material in DNS. By doing this there is no need for a CA at all,
which eliminates not only cost but the trust and security issues with
the CAs. Of course it moves the trust and security to DNS, but at
least two folks argued that DNS (management) has proved more secure than
CAs, and at least there were fewer players to audit and trust.
--
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
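
Added example, not part of the original message: a sketch of the "publish your own key material in DNS" step, deriving the association data for a TLSA record (the record type the DANE working group standardized in RFC 6698, which the message does not name) and checking a presented certificate against it. The host name, the helper names and the certificate-shaped sample bytes are constructed for illustration, and DNSSEC validation of the record itself is assumed to happen in the resolver.

```python
import hashlib, hmac

# Sample builder only: DER element with short-form length (body < 128 bytes).
def tlv(tag, body):
    return bytes([tag, len(body)]) + body

def elements(der):
    """Yield (tag, whole_element, content) for each DER element in `der`."""
    i = 0
    while i < len(der):
        tag, n, hdr = der[i], der[i + 1], 2
        if n & 0x80:                      # long-form length, as in real certs
            k = n & 0x7F
            n, hdr = int.from_bytes(der[i + 2:i + 2 + k], "big"), 2 + k
        end = i + hdr + n
        if end > len(der):
            raise ValueError("truncated DER")
        yield tag, der[i:end], der[i + hdr:end]
        i = end

def spki_of(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, _, cert_body = next(elements(cert_der))
    _, _, tbs_body = next(elements(cert_body))
    # Drop the optional [0] version; then serial, sigAlg, issuer, validity,
    # subject come first and the SPKI is the sixth field.
    fields = [f for f in elements(tbs_body) if f[0] != 0xA0]
    return fields[5][1]

def tlsa_data(cert_der, selector=1, mtype=1):
    """Association data: selector 0=full cert, 1=SPKI; mtype 1=SHA-256, 2=SHA-512."""
    blob = cert_der if selector == 0 else spki_of(cert_der)
    return hashlib.new({1: "sha256", 2: "sha512"}[mtype], blob).hexdigest()

def tlsa_record(host, port, cert_der, usage=3, selector=1, mtype=1):
    data = tlsa_data(cert_der, selector, mtype)
    return f"_{port}._tcp.{host}. IN TLSA {usage} {selector} {mtype} {data}"

def tlsa_matches(cert_der, selector, mtype, published_hex):
    """Client side: does the presented certificate match the published record?"""
    return hmac.compare_digest(tlsa_data(cert_der, selector, mtype), published_hex.lower())

# Constructed sample: certificate-shaped DER with a dummy key and signature.
ALG = tlv(0x30, tlv(0x06, b"\x2b\x65\x70"))   # Ed25519 OID 1.3.101.112
def sample_cert(key):
    spki = tlv(0x30, ALG + tlv(0x03, b"\x00" + key))
    validity = tlv(0x30, tlv(0x17, b"120220000000Z") + tlv(0x17, b"130220000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + ALG
              + tlv(0x30, b"") + validity + tlv(0x30, b"") + spki)
    return tlv(0x30, tbs + ALG + tlv(0x03, b"\x00" + bytes(8))), spki
```

With usage 3 and selector 1 the record pins the server's public key rather than the whole certificate, so reissuing the certificate over the same key does not require a DNS change.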