New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Safe to use Personal ID SSLs?
century1stop
Member
in General
As the title goes, what do you think? any experience? I for one am quite reserved over the fact personal information will be exposed over internet.
Comments
Not everything.
its more or less like OpenID .
You never used wosign/startssl ?
@RockBeltHOST wosign yes, startssl no. but from information I got, name plus other details will be listed in the certificate. rather risky, don't you think?
as far i know name and email id only and maybe dob too
@RockBeltHOST I've checked Startssl and domeny, it's name plus other stuff, not sure what (not clarified). from my point better safe than sorry, scammers nowadays are very progressive.......
@century1stop
I use startssl have class 2 with them. The certificate lists my first and last name, city and state. But that is all normal certificate stuff, since I don't have a company address it lists my city and state. Startssl has my date of birth and full address nothing too sensitive. I have 7 or 8 wildcard certificates with them.
is it or is it not possible for someone over the internet to use such details in forged documentation?
Maybe, but if you really wanted my name there are many places you can find it.
quite true, but I'm rather reserved with the idea of providing id / passport / driving license to any party unless really necessary plus since such information may be seen/used by thousands, no single party can be held responsible
I see what your saying, I've seen many things said about startssl for instance. For me I'm not too concerned about it. Startcom, they are their own trusted root, their root certificate is in every major OS by default. If they are leaking/stealing peoples info their root would be revoked out of windows, linux, mac and other distributions.
I would be concerned with giving a lot of details to a random CA that's signed by anther CA or something.
That's just my take on that, I'm sure there is people that would disagree.
I'll be one that disagree
thanks for your opinion