[149783] in North American Network Operators' Group
Re: SSL Certificates
daemon@ATHENA.MIT.EDU (George Herbert)
Wed Feb 15 19:50:55 2012
In-Reply-To: <20120216001700.52490.qmail@joyce.lan>
Date: Wed, 15 Feb 2012 16:49:53 -0800
From: George Herbert <george.herbert@gmail.com>
To: John Levine <johnl@iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Feb 15, 2012 at 4:17 PM, John Levine <johnl@iecc.com> wrote:
>>Almost everyone are basically just selling an "activation" with one of th=
e SSL certificate authorities.
>>
>>I usually buy a "RapidSSL" (Verisign) certificate from https://www.sslmat=
rix.com/ -- they seem to have some of the best
>>prices and the rapidssl enrollment process is very efficient (at least fo=
r the cheap automatically "validated"
>>products).
>
> I get my RapidSSL and Comodo from these guys. =A0Prices look about the sa=
me:
>
> http://www.cheapssls.com/
>
> If you order a cert for example.com, Comodo's also work for www.example.c=
om, no
> extra charge.
The problem with anything related to Verisign at the moment is that
they either don't know or haven't come clean yet how far the hackers
got into their infrastructure over the last few years. The early
February 2012 announcements were woefully devoid of actual content.
The possibility of their root certs being compromised is nonzero.
There may be no problem; they also may be completely worthless. Until
there's full disclosure...
--=20
-george william herbert
george.herbert@gmail.com
