On 22/12/10 11:52 PM, Nico Kadel-Garcia wrote: > > It's the easiest way to do it. If you allow someone else to hold your > SSL keys, they can do interesting things to act as your front end to Where in the original post did it mention using a system that's not under their control? The question was about a static IP address, not the system the keys and certificates would be installed on. > register your hostname associated with a registered key, but that > gets tricky. And there are other fancy tricks, but they get weird > and painful. Yes, it also depends on how much effort they're willing to go to and whether or not they care if a visitor notices. > But let's be honest. Most SSL encryption is not done to authenticate > a website as a signed, registered websites. Most of us at penny-wise > workplaces have to hit "Yes, I accept this unsigned key" pop-ups all > the time. SSL is often useful merely to encrypt the traffic > end-to-end while clients accept such unsigned or incorrectly > registered keys without concern. For that kind of use, dodging and > weaving unregistered IP addresses are common place. That's what my self-signed site is for, but then I live in a country that is still debating mandatory Internet censorship. Most people wanting SSL on their website see it as a business requirement and most of those sites are running on shared or VPS hosting. Regards, Ben -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20101223/00f38be6/attachment-0005.sig>