der.hans wrote:
> What we need is a personal site certificate authority. It's task
> four-hundred and something for me, so if someone else wants to make it
> happen that'd be good :).

Yes, indeed ... I am in 100% agreement with this ... I was unhappy the otherday 
when one of my hosting people said they wouldn't install a self signed cert for me.

Lets discuss a good way to go about this.  If we can agree on some proper 
handling procedures, I will gladly deal with the responsibility.  Although, 
there may be some longevity issues ... for instance I may become at some point 
financially unable to host a CRL or something.

 > I beg to differ with the word 'proper' in this connotation. My certificate
 > is just as 'proper' as the others.

Well, any clown can MITM with weakly bound PKI using dsniff.  For that matter 
too, I think something should be done about SSH host keys.

And of course there is the web of trust ... with GPG and whatnot.  I will cook 
something up about this ... addressing all of these issues.  Anyone else feel 
free to chime in.

Austin