[Ach] StartSSL for Business Sysadmins

Tobias Dussa (SCC) tobias.dussa at kit.edu
Tue Jan 14 08:51:37 CET 2014


On Mon, Jan 13, 2014 at 08:42:15PM +0100, Rainer Hoerbe wrote:
> My point was that a highly secure cert from SuperSecureCA.com does not make my
> server better, because it can always be impersonated from weaker CAs. It is
> the lowest common denominator that counts.

That depends entirely on how the client is set up and CAN be addressed.  That is
EXACTLY the point: Whining about how everything is broken if implemented in a
stupid way is nice, but what is needed is some advice on what to do about it.

> Those "Free" packages are not really free. Either the cert is a marketing
> tool, or there is some other business model. Startssl.com is not 100% free,
> e.g. they charge for revocation.

So what's the business model for CAcert?  Or for the DFN PKI?

> Linux is not user-friendly.
It _is_ user-friendly.  It is not ignorant-friendly and idiot-friendly.
                                           (Seen somewhere on the net.)


Karlsruhe Institute of Technology (KIT)
Steinbuch Centre for Computing (SCC)

Tobias Dussa
CERT Manager, CA Manager

Zirkel 2
Building 20.21
76131 Karlsruhe, Germany

Phone: +49 721 608-42479
Fax: +49 721 608-9-42479
Email: tobias.dussa at kit.edu
Web: http://www.kit.edu/

KIT – University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
