BBC 'vague' reporting again!
Chris Edwards
ukcrypto at chiark.greenend.org.uk
Thu, 4 Dec 2008 10:54:55 +0000 (GMT)
On Wed, 3 Dec 2008, Dave Howe wrote:
| James Firth wrote:
| >
| > POP3S - your server will need a certificate (self signed will do).
|
| Problem with self signed certs is that, if I want to be pop3.demon.net I
| *can* be - provided I can self-sign the cert to say I am.
Historically, we "self-signed" our own X509 CA certificate. When setup
properly, this is at least as secure as using commercial CAs, and is not
vulnerable to middle-person type attacks.
The only downside is the need to install the private CA cert on every
client system. Trivial for managed desktops. A little more fun for
certain makes of phone...
--
Chris Edwards, Glasgow University Computing Service.