Re:Or just sign your own

No, there's another big difference. First time visitors, if they are visiting a site with a non-trusted key, are asked about it, right? Sounds good, right?

The point of SSL is to ID a server as a certain server. Let's say you do ecommerce, and your very own pages explain this behavior away. Great idea, until your domain gets hijacked (registrar isn't paid, DNS spoof, etc). Lo and behold, users come to expect this behavior, and click away.

This is the key fact, however. You need someone you can trust - a third party that puts a huge amount on the line - to certify that the server is who it says it is.

CACERT is a potential answer, but it needs to be integrated into Firefox and IE. But you do need that 3rd party authority. Otherwise, it's like someone sending you an IM saying, "Hey, I'm me. What's your password/credit card/SSN?"

