[unisog] IPSCA free SSL certificates

Russell Fulton r.fulton at auckland.ac.nz
Thu Aug 23 21:29:32 GMT 2007



John Kemp wrote:
> Cal Frye wrote:
>   
>> John Kemp wrote:
>>     
>>> My concern on this one was that I expected that by default IPSCA would 
>>> not be
>>> in the root CA caches on most client machines.  Are you seeing that as 
>>> the case?
>>>       
>> Actually, we find IPS Servadores or IPS Internet Publishing in most
>> newer clients; We're using IPSCA certs on our NAC devices with few
>> complaints.
>>
>>     
>
> ( Had some folks point us at GoDaddy.Com as well.
> They have a Class1 type that is $20/yr.  Class2 is $90/yr. )
>
> Anyone see any issues with class #1 typing.  Some of my
> worries about giving this a recommendation are
>
> 1) administrative control issues
> 2) whether class #1 meets the requirements for HIPPA or GLBA
> 3) the quality of the CA (reputation of the company, etc.)
> 4) weaker trust/verification in general
>   

Our take on this is that for high profile or critical services we still
use Thawte (particularly ones where there maybe liability issues). 
Where the primary purpose of SSL is just to protect login creds to local
services then we use anything that we can get our hands on including
self signed and free certs.  

Russell



More information about the unisog mailing list