[158858] in North American Network Operators' Group
Re: Gmail and SSL
daemon@ATHENA.MIT.EDU (Maxim Khitrov)
Fri Dec 14 11:33:58 2012
In-Reply-To: <50CB4B43.10803@alter3d.ca>
From: Maxim Khitrov <max@mxcrypt.com>
Date: Fri, 14 Dec 2012 11:33:12 -0500
To: Peter Kristolaitis <alter3d@alter3d.ca>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Dec 14, 2012 at 10:52 AM, Peter Kristolaitis <alter3d@alter3d.ca> wrote:
> On 12/14/2012 10:47 AM, Randy wrote:
>>
>> I don't have hundreds of dollars to get my ssl certificates signed
>
>
> You can get single-host certificates issued for free from StartSSL, or for
> very cheaply (under $10) from low-cost providers like CheapSSL.com. I've
> never had a problem having my StartSSL certs verified by anyone.
This doesn't solve the problem if you have your own internal PKI or
want to use a certificate that is valid for more than a year. StartSSL
is a good option, but not everyone will be able to switch for a
variety of reasons. Google should provide a way of uploading trusted
root CAs (including self-signed certs) if they want to perform strict
validation.
- Max
