- From: Stuart E. Schechter <ses@ll.mit.edu>
- Date: Wed, 27 Dec 2006 16:47:47 -0500
- To: Mike Beltzner <beltzner@mozilla.com>
- CC: <public-wsc-wg@w3.org>

> There's another use case that isn't really captured here, due to the
> limitations of the commercial CA structure. For example, if I own the
> foo.com, and am not planning on using it for public purposes but want
> an SSL channel for various services like ftp.foo.com and www.foo.com
> and mail.foo.com and webdav.foo.com, I might want a *.foo.com
> certificate. That's far more expensive to purchase (note: expensive
> enough to be a reason why a lot of banks don't SSLify their front
> pages) and so I might just not bother since I can make my own.

Yes. $79 for a cheap one.

> SSL was never, AIUI, intended to be a "you must pay to play"
> situation. I think you're being a little unfair in use cases (2), (3)
> and (4) with your wording, and as someone else pointed out, leaning
> heavily towards commercial CAs as being the only solution.

I absolutely don't think commercial CAs are the only viable solution. If I bought my domain name for $10/year, I'm not terribly keen on paying again for the cryptographic receipt that says I own it. IETF RFC 4398 provides a mechanism with which to use DNSSEC to authenticate a site certificate using DNSSEC. No commercial CA needed.

Received on Wednesday, 27 December 2006 21:47:29 UTC