Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions

There would be a few problems, such as initial costs, legal liability, creating the initial trust, but nothing I can see that can't be overcome.

That would indeed be the "least" of your problems, albeit still a major undertaking in my opinion.

The big issue in my opinion, is to get the "standard" browser manufacturers to include the certficates signed by the "non-profit consortium" in the list of certificate authorities whose certificates are accepted by default. Without that, the browser will still display the rather unsettling message to the user. As you said yourself: "This damages your site's credibility and will result in a drastic loss of confidence on the part of your potential customers.". So any effort you try in that respect, would need to the full cooperation of Microsoft, it being responsible for +95% of the browsers used in the world (something I'm not happy with, but which is a reality nonetheless). You ponder the likelihood of Microsoft cooperating with such a venture.

I think you need to ask yourself why you would need a certificate. If it's for a webshop, then there are plenty of solutions available where the actual payment is handled by a payment handler where you can piggyback on the certificate of the payment handler. If you're interested in preventing eavesdropping for a particular application, I think you can explain to the users why they will be getting the unsettling message and just sign the certificate yourself.

Wish I could give some more positive comments. But with the current financial interest of the Internet, I don't see a non-profit consortium happening anymore. I think it would be simply too little, too late.

Liz

Comment on Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions

Replies are listed 'Best First'.
Re: Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions by Anonymous Monk on Nov 10, 2003 at 21:20 UTC
You ponder the likelihood of Microsoft cooperating with such a venture. Here's the nice thing about Microsoft - they're a corporation. They do what will make them more money. They are not in the certificate-signing business. They are in the operating system, office, server software, and development environment business. It is in their interest to commodify everything that doesn't currently (or potentially) generate them more money. I can see a few problems, but nothing that can't be avoided if implemented in the proper order. Of course IE is an exceptionally inferior browser lacking in core features (tabbed browsing for one) and all reports indicate its internals are a complete mess so it won't be the number 1 browser for too much longer. Also consider that Microsoft won't be the #1 OS company 5 years from now. So if there are problems, I see no reason to wait on them.	[reply]

Replies are listed 'Best First'.

Re: Re: (OT) SSL Certificates: Self-Signing and Alternative Solutions
by Anonymous Monk on Nov 10, 2003 at 21:20 UTC

You ponder the likelihood of Microsoft cooperating with such a venture.

Here's the nice thing about Microsoft - they're a corporation. They do what will make them more money. They are not in the certificate-signing business. They are in the operating system, office, server software, and development environment business. It is in their interest to commodify everything that doesn't currently (or potentially) generate them more money. I can see a few problems, but nothing that can't be avoided if implemented in the proper order.

Of course IE is an exceptionally inferior browser lacking in core features (tabbed browsing for one) and all reports indicate its internals are a complete mess so it won't be the number 1 browser for too much longer. Also consider that Microsoft won't be the #1 OS company 5 years from now. So if there are problems, I see no reason to wait on them.

[reply]