-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all. I thought I'd throw this out there, to see what kind of ideas I get back, and if there are maybe enough of the same type of responses to qualify as a majority consensus. I'm setting up a webmail account for my mother on my server, and she's transitioning from using webmail at a major ISP for the last 6 years or so. She checks her mail on her windows laptop, which spends all of its time so far sitting on her desk at home. She hasn't checked her webmail on a pc other than her laptop for the last 6 years as far as I know, but that can of course happen at any time. The webmail sessions have to be encrypted, she refuses to login to any account, if it doesn't have the lock icon, or if that lock icon doesn't look like it's supposed to. I know she'd also complain if internet explorer told her that there is a problem with a site's certificate every time she clicked a link to go to another page. So, to summarize, it has to go over https, even if it will just be over our wired lan, and ssl has to behave as it would for most other sites. Also, getting a commercial ssl certificate isn't an option, not at this point anyway. I am considering signing up with cacert.org, and getting a standard automatically signed certificate through their system, and importing their root cert on my mom's machine. However, cacert's emphasis is on authentication, (and rightly so). They even state on their site that their goal is to create a web of trust among all their users. On the other hand, I'm just interested in the encryption benefits of ssl in this case, and not in authentication. So, what I'm trying to decide is if it's worth it for me to sign up with cacert.org, thus getting a certificate signed by them, but in turn also being bound by responsibilities in their rather long, and many agreements, or if it would be a better idea, considering the circumstances, and my goal of encryption vs. authentication, to simply import my own root cert on my mother's machine. From what I've seen, importing a root cert into windows for a user isn't a walk in the park, whereas cacert has an activex control that will import their root cert. This however isn't a major deciding factor for me. The way I see it, given that my mom checks her mail on her laptop, I'm better off importing my own root cert on her machine. She would get complaints from internet explorer, if she ever checked her mail on another machine, but at this point in time, it would be the same with cacert's root certificate also. As for other users who currently have accounts on my system, getting a cacert-signed certificate would benefit them in the long run, but at this point, there are only a couple of people with accounts here, and none of them use webmail from what I've seen based on my apache logs. So, what I'm trying to settle on is if it's worth it for me to sign up with cacert, the way things stand now with their root cert, (especially given that I'm not interested in authentication, and wouldn't be interested in meeting up with someone else to verify me, or for me to verify them, if that's possible), or if I should just import my root cert on my mom's machine. Any thoughts which would contribute in helping me to decide one way or the other, especially pointing out anything I over looked, would be appreciated, and thanks in advance. Greg - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager at EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkrc9xYACgkQ7s9z/XlyUyClEwCdGInlyqKV+3xw4+hmC4/tX/yW CEsAn3tvBRHWgccG+QYAYRoEyzaFDNxy =i79e -----END PGP SIGNATURE-----
