Re: [exim] MTAs and self signed certificates

At Glasgow uni we operate our own campus certificate authority, which
signs server certificates for many services hosted centrally, and also
services hosted in departments. The CA certificate itself is part of our
standard PC builds. For people who run their own machine (or for home
machines) there is a one-off task of importing the CA certificate. This
single step enables secure access to *all* our SSL-enabled services,
avoiding certificate warnings etc.

This scheme would be no use if for example we were selling stuff to
arbitary customers out on the net. But in our environment, where the
majority of our "customers" are using our services every day, it works well.

Firstly, we save money on "commercial" certificates. Secondly, we would
argue that verifying a certificate against the campus CA provides a client
with a *higher* level of trust than could a commercial CA. In order to
obtain a server certificate, two staff in Computing Service (who each know
only half the key material for the CA passphrase) must agree the request
is valid. We can, for example, give a very high level of assurance that
Alan Flavell (hi!) is entitled to obtain a certificate for physics.gla.ac.uk.
Whereas I'm not sure how a commercial CA could distinguish an arbitary
member of staff (or student, or member of the public) fraudulently
claiming to be responsible for IT in the Physics department, and hence
decline the request.

YMMV.

--
Chris Edwards, Glasgow University Computing Service