Boost logo

Boost :

Subject: Re: [boost] [website] SSL certificate
From: David Abrahams (dave_at_[hidden])
Date: 2010-08-16 12:39:08


At Mon, 16 Aug 2010 07:33:04 -0500,
Rene Rivera wrote:
>
> Just because a cert is not signed by a built-in CA doesn't make it
> invalid. Having either self signed certs or locally signed certs is a
> common occurrence (I do it for most of my own HTTPS/SSH sites). So I
> don't see a real reason to start paying a major CA for them to sign a cert.

I know that, but a lot of people don't. And web browsers are making
untrusted CA signatures look increasingly alarming---it makes people
nervous and degrades trust in Boost. I suppose, pretty soon, we may
not need to have any https stuff on our own domain anyway, but as long
as we do have to do that, it would be good to have a cert that doesn't
raise any alarms.

-- 
Dave Abrahams
BoostPro Computing
http://www.boostpro.com

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk