[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: free SSL CAs?



Sam Quigley wrote:
> 
> I've set up my own CA, and given myself my own cert., but having the same
> server you're interacting with being the one that's the CA for the
> transaction leaves the setup open to man-in-the-middle attacks (I'd think,
> at least...).

It's up to the user (at least with the Netscape Navigator) to decide
what CA certificates or particular server certificates to trust.
Self-signed certificates are logically at the root of any certificate
chain.

PK
--
Philip L. Karlton			[email protected]
Principal Curmudgeon			http://www.netscape.com/people/karlton
Netscape Communications Corporation

    Everything should be made as simple as possible, but not simpler.
	-- Albert Einstein