Self-signed, no-cost or paid TLS(SSL) certificates?

Off-Topic discussions about science, technology, and non Debian specific topics.
dotlj
Posts: 646
Joined: 2009-12-25 17:21

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

#21 Post by dotlj »

I think I'll never spend my hard-earned money on a paid certificate but I'd very much like to hear your comments, whether you use paid or unpaid certificates, about the Email Certificate business and certificates for domains.
Agree.
IMHO it's (just another) idiot tax.
A self signed cert is every bit as effective at encrypting the traffic (and verifying your identity) and there is a very much lower chance of your keys being leaked/stolen/reissued to an impersonator etc.
I think the ONLY advantage of a *commercially supplied* cert (paid for OR "free") is inclusion in the default trust chain of browsers/clients used by "the public" (assuming your chosen provider's 'trusted' status isn't arbitrarily revoked at any point).
+1

Google has lots of other problems. Whenever you travel, even short differences and your IP address changes, they lock your email account because it might be Mallory, instead of Bob or Alice.
Proton Mail allows you to use Tor, and now offers Proton VPN for both free and paid for accounts.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

#22 Post by kedaha »

Thanks reinob for your reply, which does indeed clarify it.
That's right; it's my server running on their infrastructure where my IP isn't shared with other users so it looks very much as though I'll have no alternative but to sign up to Microsoft's "Junk Mail Reporting Program."
@dotlj
Thanks for your reply too. By the way, I was amused you used Alice, Bob and Mallory, which I hadn't come across before, to illustrate the problem of changing IPs, so I read up about them here. I hadn't come across ProtonMail either, but I must say it looks first class.
Finally, the author of the ISPmail_tutorials voices his opinion in no uncertain terms:
In the previous tutorial for Debian Jessie I had a lengthy comparison of self-signed certificates, company PKIs, LetsEncrypt and paid certificates. Let’s cut it short – we will use LetsEncrypt. There is no reason to pay the certificate mafia money any more. Why do I consider them mafia-like? Because it is plain wrong to exchange money for trust. And the recent history of awkward failures shows that they deserve no trust.
Any way to save one's hard-earned money is a boon if you ask me. :D
DebianStable

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Self-signed, no-cost or paid TLS(SSL) certificates?

#23 Post by debiman »

In the previous tutorial for Debian Jessie I had a lengthy comparison of self-signed certificates, company PKIs, LetsEncrypt and paid certificates. Let’s cut it short – we will use LetsEncrypt. There is no reason to pay the certificate mafia money any more.
i'm not sure where that quote comes from, but:
  • that "shortcut" seems to be getting increasingly popular. reminds me of myself 15 years ago, when it seemed like a really good idea to open a gmail account to get away from ad-ridden yahoo (he said with a bitter laugh)
  • if i understand correctly, letsencrypt still pays money to the mafia. which brings us back to the google comparison - why are they spending money for something you are getting for free? maybe they make money from you?
i know it's hard to resist when something like this is offered for free, and one might come across as a pessimist or negative nancy when pointing out the weak points...
