On 22/12/10 11:52 PM, Nico Kadel-Garcia wrote:
It's the easiest way to do it. If you allow someone else to hold your SSL keys, they can do interesting things to act as your front end to
Where in the original post did it mention using a system that's not under their control? The question was about a static IP address, not the system the keys and certificates would be installed on.
register your hostname associated with a registered key, but that gets tricky. And there are other fancy tricks, but they get weird and painful.
Yes, it also depends on how much effort they're willing to go to and whether or not they care if a visitor notices.
But let's be honest. Most SSL encryption is not done to authenticate a website as a signed, registered websites. Most of us at penny-wise workplaces have to hit "Yes, I accept this unsigned key" pop-ups all the time. SSL is often useful merely to encrypt the traffic end-to-end while clients accept such unsigned or incorrectly registered keys without concern. For that kind of use, dodging and weaving unregistered IP addresses are common place.
That's what my self-signed site is for, but then I live in a country that is still debating mandatory Internet censorship.
Most people wanting SSL on their website see it as a business requirement and most of those sites are running on shared or VPS hosting.
Regards, Ben