I know about the limitations of self-signed certs. Depending on the type of deployments, as you have explained earlier, they can be useful if these limitations are acceptable. Also, there had been reports that commercial CAs were at fault resulting in possible compromise.

On Thu, 16 Mar 2006 05:34:40 +0000 (GMT), "Paul Pruett" <[EMAIL PROTECTED]> said:
> >
> > if I remember correctly, the last time I tried Postfix on OpenBSD, I can
> > use self-generated SSL cert. Hope it's helpful to you.
> >
>
> self-signed certs can work with mail smtp servers postfix or sendmail,
> man starttls
>
> But when you used self-signed certificates, other servers or clients
> may at a minimum give warnings to users. Also it is plausible that
> using a certificate signed by a recognized CA may help when sending
> to larger corporations or maybe not....
>
> If you set up SMTP-AUTH, and have clients require TLS, the clients
> will likely get a warning message till they accept and store it.
> That's okay for a handful, but for the non literate or commerce
> customers it will be an education pain and then most admins
> will donate $16 rather than have to explain to clients about accepting
> certificates not signed by trusted CA.....
>
> that's my $0.02 on justifying $16
>
> ;)

--
Andrew Ng
[EMAIL PROTECTED]

