[150162] in North American Network Operators' Group
X.509 Certs For Personal Use
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Feb 17 20:08:26 2012
Date: Fri, 17 Feb 2012 17:07:29 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
On the heels of some of the most productive conversation I've seen on
NANOG in ages, let me try another topic!

I suspect most people on NANOG are in the same boat that I'm in, we
operate some small number of domains for ourselves, friends, family, and
projects we like. I suspect many of us are also security conscious and
would like to use encryption as often as possible.

Unfortunately to communicate with random folks on the Internet you need
an "SSL Certificate" signed by a "Trusted Root". Ok, we can argue about
that, but that's what I'm going to assume for my question. That could
be a cert for a web server, a mail server, a jabber server, or even a
personal e-mail certificate.

What I've found is a few classes of service:

- Totally free, but the Root CA is not well distributed (or other
issues).
- Free for "one" (perhaps one web, one e-mail) on a well distributed CA,
major upcharge for more.
- Services for businesses designed for maintaining multiple domains and
certs starting at $high and ending at $crazy.

I am _not_ looking for a free only alternative, but I am looking for a
fee structure and price that makes _personal_ use economically workable.
I'd love to support community based efforts, but the reality is random
folks will be accessing my web site, sending me e-mail, etc, so I want
certs that are signed by root certs that ship with OSX/Windows/Linux,
they should "just validate". I also do not require "EV" certificates,
although being able to get one for an upcharge might be nice.

Are there any providers that target someone with my desires? What
providers do NANOG folks use for their _personal_ needs?

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/