Tech Insider					     Technology and Trends


			      USENET Archives

From: John Murtari <jmurt...@thebook.com>
Subject: Experience with THAWTE as Apache CA
Date: 1997/01/28
Message-ID: <32EDFDCE.87F@thebook.com>#1/1
X-Deja-AN: 212762081
content-type: text/plain; charset=us-ascii
organization: Software Workshop Inc
mime-version: 1.0
newsgroups: comp.infosystems.www.servers.unix
x-mailer: Mozilla 3.01 (X11; I; SunOS 5.4 sun4c)


We have been looking at adding the SSLeay patches to create a 
secure Apache Server (we are on Solaris 2.5.1 and presently
Apache 1.1.1).  Wanted to find an economical, but recognized,
Certificate Authority.  We were going to go with VeriSign, but
didn't like the prices and the fact we had to go with Stronghold.

Found some info on Thawte Consulting Group
(http://www.thawte.com/certs),
and they seemed to offer a fair price ($100) and seem compatible
with Apache.

This CA stuff has been making us "dizzy", especially the fact that
certain browsers accepts certains CA's , out-of-the-box -- Thawte
says they are recognized by Netscape 2.x and IE 3.x.

We service a wide community and we didn't want folks to have to 
ADD another CA to their browsers just to use our secure services.

Any feedback would be appreciated! BTW, this is NOT a trojan add
for Thawte Consulting -- don't have any connection with them, just
visited their web site. Also heard the Postal Service was going to
be a CA??

                                         John
___________________________________________________________________
John Murtari                              Software Workshop Inc.
jmurt...@thebook.com 315.695.1301(x-211)  "TheBook.Com" (TM)
http://www.thebook.com/

From: a...@snowcrash.cymru.net (Alan Cox)
Subject: Re: Experience with THAWTE as Apache CA
Date: 1997/01/29
Message-ID: <5cn7sb$h2n@snowcrash.cymru.net>#1/1
X-Deja-AN: 212975887
references: <32EDFDCE.87F@thebook.com>
organization: CymruNET
newsgroups: comp.infosystems.www.servers.unix


In article <32EDFDCE....@thebook.com>,
John Murtari  <jmurt...@thebook.com> wrote:
>We have been looking at adding the SSLeay patches to create a 
>secure Apache Server (we are on Solaris 2.5.1 and presently
>Apache 1.1.1).  Wanted to find an economical, but recognized,

I've done this with the latest SSLeay and Apache 1.1.3. If you are in the
US be careful to read all the notes. The US has bizarre "software patent" 
laws that probably mean you can't use SSLeay for anything but research.

>This CA stuff has been making us "dizzy", especially the fact that
>certain browsers accepts certains CA's , out-of-the-box -- Thawte
>says they are recognized by Netscape 2.x and IE 3.x.

You can point random browsers at the Thawte site's secure pages and see
if they ask about certificates or just let you in. I think all the CA's
let you do that so you can see what the range of cover is.

>We service a wide community and we didn't want folks to have to 
>ADD another CA to their browsers just to use our secure services.

Quite a few browsers don't support SSL anyway.

I'd be interested in feedback from users of Thawte's service. They look
very attractive and we have to pick a CA soon. Also people who are using
Thawte's ISP reseller service.

Alan

-- 
Alan Cox, Technical Director, CymruNET Ltd:	Email:	A...@cymru.net
-------- http://www.cymru.net ----------	Phone: +44 1792 290194
Internet/Intranet Solutions, ISDN, Leased Lines, Consultancy and Support

From: gdasw...@odc.net (George Henry C. Daswani)
Subject: Re: Experience with THAWTE as Apache CA
Date: 1997/01/29
Message-ID: <5cmbpa$u7o@holocron.odc.net>#1/1
X-Deja-AN: 212977288
references: <32EDFDCE.87F@thebook.com>
organization: Digital Odyssey Internet Services
newsgroups: comp.infosystems.www.servers.unix


John Murtari (jmurt...@thebook.com) wrote:
: We have been looking at adding the SSLeay patches to create a 
: secure Apache Server (we are on Solaris 2.5.1 and presently
: Apache 1.1.1).  Wanted to find an economical, but recognized,

I'm wondering, aren't people supposed to pay some $$$ to use
RSA's encryption method if used commercially?

I'm wondering how are you using it legally without paying $$$ to
somebody like C2.ORG (stronghold)?

From: a...@snowcrash.cymru.net (Alan Cox)
Subject: Re: Experience with THAWTE as Apache CA
Date: 1997/01/29
Message-ID: <5cn8df$hhc@snowcrash.cymru.net>#1/1
X-Deja-AN: 212976465
references: <32EDFDCE.87F@thebook.com> <5cmbpa$u7o@holocron.odc.net>
organization: CymruNET
newsgroups: comp.infosystems.www.servers.unix


In article <5cmbpa$...@holocron.odc.net>,
George Henry C. Daswani <gdasw...@odc.net> wrote:
>I'm wondering, aren't people supposed to pay some $$$ to use
>RSA's encryption method if used commercially?

Within the USA. Most countries regard an algorithm as a statement of
mathematics and thus discovered not invented. Not being inside the USA also
means its much easier to use and distribute really secure (128bit key) 
software and browsers.

There is an explanation of all this with SSLeay, and with the RSAREF
implementation of RSA (the one RSA allows US citizens to use for limited
purposes without license).

Alan

-- 
Alan Cox, Technical Director, CymruNET Ltd:	Email:	A...@cymru.net
-------- http://www.cymru.net ----------	Phone: +44 1792 290194
Internet/Intranet Solutions, ISDN, Leased Lines, Consultancy and Support

			      USENET Archives


The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or 
research.


Electronic mail:			       WorldWideWeb:
   tech-insider@outlook.com			  http://tech-insider.org/