Autor: Richard Welty Data: Para: exim-users Asunto: Re: [Exim] SSL certificates, mail, and hardware load balancers
On Tue, 16 Oct 2001 05:17:26 -0600 (MDT), dlt@??? wrote: >I was referring to server to server connections, which normally
>would not involve relaying. Verifying certificates from other servers that
>you have no control over means you (or they in this case) have to go
>through a professional Certificate Authority in order to properly verify
>the certificate. That costs a lot of money.
actually, if it's a controlled community, you can in theory be your
own certificate authority. back at vpnet, by default we used to supply
the certs in all of our IPSec appliances.
of course, this does mean that you're maintaining another box to serve
as a CA and all that. the CA software has tended to be expensive, but
i believe that there's some significant work in the open source
community now on just this point.
richard
(i'm not a certificate authority, but i play one on TV)