Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Bill Cole (postfixlists-070913billmail.scconsult.com)
Date: Mon May 19 2008 - 10:50:33 CDT
At 10:05 AM +0200 5/19/08, Mauro Sanna wrote:
>> On Sat, May 17, 2008 at 07:20:18PM -0300, Arturo 'Buanzo' Busleiman wrote:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA512
>> > Hi group! Sorry for the OT. I'd like to implement SSL Certificates in my
>> > Postfix. Truth is there are
>> > lots of certificates available to be bought. Expensive ones, cheap ones...
>> > there's also openca. Of
>> > course, I don't want to use a self-signed one. Any recommendations? Again,
>> > sorry for the OT.
>> What's wrong with self-signed certificates? They work just fine for SMTP,
>> nobody checks SMTP certificate validity withour prior agreement with
>> specific sites. The vast majority of SMTP certs are self-signed.
>Use CAcert.org it's free.
That is not so if your time has any value and you have a typical user
base. User support effort is the biggest reason not to use a
self-signed cert, and that is at least as significant with any
3rd-party CA that is not a part of most users' set of trusted CA's.
It is also somewhat harder to make the logical case that a user
should trust a CAcert.org certification of the identity of their mail
provider than that they should trust that provider's own assertion.