On Wed, 20 Oct 1999 11:25:34 -0700, Joe Ippolito wrote:
> Is the expense of having an outside source provide CA keys for
> my organization justified if I properly protect my own CA server
> on-site?
That depends on what you want to do with them.
Let's assume you want to utilize X.509 certificates for doing SSL, either
for HTTPS or for IMAP/POP over SSL. If you do not get a certificate with a
well-known CA, every client will have to add your local CA server to their
browser's list of trusted root certification authorities.
That's doable for your companies' employees, although it's a fair amount of
work. Of course, if you were providing a web site to the Internet at large
(for an online store or whatever), you cannot expect the public to trust your
CA server.
-Chuck
Charles Swiger | chuckat_private | Bad cop! No Donut.
---------------+-------------------+--------------------
I know you are an optimist if you think I'm a pessimist.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:44:36 PDT