On Mon, 17 Mar 2003 14:40:48 PST, John Rumpelein <jmr(_at_)jmrtech(_dot_)com> said:

> It is already more or less required that organizations buy a CA-issued SSL
> cert to operate a web site dealing in credit card transactions.

Now, is that *legally* required, or is that simply the guys at Visa and
Mastercard saying "We won't clear transactions for you unless you...."
I believe it to be the latter.

> Maybe it is not so farfetched that they should do this (or maybe use the
> same cert) to also operate a mail server?

Hmm.. if AOL and Hotmail and Yahoo were to insist on it, it might have a
snowball's chance of flying. The big question is whether there's enough
supply of SSL accelerator cards, and if certs were economically feasible.
Remember there's a lot of .com's and .org's that are 1 or 2 boxes in a colo,
or a box or two in a closet in somebody's basement (literally half my personal
mail goes to places that are at the skinny end of an ADSL or cable modem).
If you can think of a way to deploy this without bankrupting those places
(they'd not need an SSL card for 100 smtp-over-ssl a day, but a full-blown
.COM cert may put their budget over the edge). Any ideas?