Educause Security Discussion mailing list archives
Re: SSL scaling
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Wed, 15 Jun 2011 19:59:02 +0000
-----Original Message----- From: John Ladwig <John.Ladwig () CSU MNSCU EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Wed, 15 Jun 2011 14:33:28 -0500 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SSL scaling
InCommon seems to be operating as a reseller of Comodo certs, which implies that they may chain back to top-level CAs recognized by common browsers and operating systems.
That is correct. And for one low price, you get unlimited server (simple, SAN, and EV), user (S/MIME/Auth/Encryption), and code signing certs signed by a CA included in most products. Top level cert is already included in browsers. And I suspect having a common Incommon intermediate cert and policies is going to have collaboration advantages at some point in the future.
I disremember what Ipsca offers, in terms of broad recognition. It'd be a kindness if someone could refresh us on the need or absence of need to do local browser-cert installation to take advantage of these lower-cost services. Also, anyone who is interested in CAs and PKI in general should familiarize themselves with the work published by Chris Palmer in relation to the EFF's SSL Observatory project. Some of their findings are... dismaying. https://www.eff.org/deeplinks/2011/04/fully-qualified-nonsense-ssl-observa tory https://www.eff.org/deeplinks/2011/04/unqualified-names-ssl-observatory https://www.eff.org/observatory -jmlDexter Caldwell <Dexter.Caldwell () FURMAN EDU> 2011-06-15 14:12 >>>You could consider Ipsca's free for 2yr certs for education or some other cheap vendor. Or you can consider wildcards ir your own pki. The latter of course is a whole other issue to manage. Dexter The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:We currently use a vended managed PKI portal that allows us to issue SSL certs to internal customers when they roll out a website, but its costs increase almost linearly with the size of our web portfolio. With the way the web is moving, I don't think this linear growth is sustainable. What solutions are in place and recommended among small to medium institutions for managing SSL certificates? Is a wild card cert the only way to manage this growth? I confess when I first moved to Higher Ed I was surprised to find that Educause itself doesn't operate in the CA space. After it has vetted an institution for a .edu domain, the process for validating that institution's identity is already shortcut, is it not? (I apologize if this is a FAQ. I've been unable to access the listserve.educause.edu site to research the archives for some reason.) Best wishes, Michael A. Smith Web & Digital / Academic Technologies Manager Nazareth College
-- Gary Flynn Security Engineer James Madison University
Attachment:
smime.p7s
Description:
Current thread:
- SSL scaling Michael A. Smith (Jun 15)
- Re: SSL scaling Julian Y Koh (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Dexter Caldwell (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Flynn, Gary - flynngn (Jun 15)
- Re: SSL scaling Jay Fowler (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling John Ladwig (Jun 15)
- Re: SSL scaling Frazier, William S [ITSYS] (Jun 15)
- Re: SSL scaling King, Ronald A. (Jun 15)
- Re: SSL scaling Jack Suess (Jun 15)
- Re: SSL scaling Hubert, Wesley R (Jun 16)
- Re: SSL scaling Michael Fertig (Jun 17)
- Re: SSL scaling Kevin Halgren (Jun 21)
- Re: SSL scaling Jack Suess (Jun 17)
- Re: SSL scaling Andy Hooper (Jun 20)
- Re: SSL scaling Michael Fertig (Jun 17)