Does your Certifying Authority have a clue who you are? Do they care?

Valdis.Kletnieks at Valdis.Kletnieks at
Fri Dec 5 17:27:26 UTC 2003

On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
> No popup box on the browser asking to accept the certificate.

"Pay us $1,000 or we'll annoy your users with popups".

Sounds suspiciously like the extortion angle used recently against somebody who
was using Windows Messenger pop-op spam to advertise their "stop pop-up spam"

I'm however missing the actual security angle (remember that the lack of a
warning doesn't mean you actually connected securely with who you thought you

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list