From owner-freebsd-chat Mon Oct 21 16:58:53 2002 Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 03A6C37B401 for ; Mon, 21 Oct 2002 16:58:52 -0700 (PDT) Received: from bast.unixathome.org (bast.unixathome.org [216.187.105.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 637C043E4A for ; Mon, 21 Oct 2002 16:58:51 -0700 (PDT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 11F193F4B; Mon, 21 Oct 2002 19:58:39 -0400 (EDT) From: "Dan Langille" To: Terry Lambert Date: Mon, 21 Oct 2002 19:59:16 -0400 MIME-Version: 1.0 Subject: Re: Verisign, Thawte, Entrust, whom? Cc: "Kevin D. Kinsey, DaleCo, S.P." , freebsd-chat@FreeBSD.ORG Message-ID: <3DB45C94.9163.204D73AE@localhost> In-reply-to: <3DB46348.D45241C3@mindspring.com> X-mailer: Pegasus Mail for Windows (v4.02a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 21 Oct 2002 at 13:27, Terry Lambert wrote: > Dan Langille wrote: > > On 21 Oct 2002 at 13:25, Kevin D. Kinsey, DaleCo, S.P. wrote: > > > Well, not to beat a dead horse, > > > but since we've recently chatted > > > about registrars, who do you like > > > for your SSL certs? > > > > Some friends are looking at this issue now. So far, we have settled > > on http://www.instantssl.com/ but found that http://www.freessl.com/ > > is even cheaper so will look at them closer before deciding. > > > > There's a bit of a list (from one of the vendors mind you) at > > http://www.whichssl.com/ > > The canonical answer for HTTPS: has to be: > > "Whatever vendors whose top level authorities are installed > by default in both IE and Netscape" That will vary from version to version. Newer browsers have more CA certs. When Terry mentions "vendors whose top level authorities" I think it reflects the situation where a few companies have gotten around the problem of not having aroot cert in IE/Netscape by getting one of the "established" CAs to sign an intermediate CA certificate for them. See http://www.whichssl.com/faq/intermediates.html for a bit more detail on the matter. -- Dan Langille To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message