
Accountholders
These selections are here as a convenience to those who have accounts on this
server. For example, you can
check your mail.
This service is offered over a secure, encrypted connection.
Root Certificate Installation
When you log in to your email account, your browser will complain that the
site you are visiting is not trusted. This is because your browser does not
recognize the certification authority that signed this site's server
certificate. This is reasonable, because I signed the certificate,
not Verisign or Thawte or some other authority whose root certificate ships
with the browser you are using. These companies charge a non-trivial fee for
signing server certificates, which is also reasonable, because they must perform
research to determine that you are who you say you are when you apply for
a certificate. For non-commercial sites, a suitable alternative is to become
a mini-Certificate Authority. This is what I have done.
If you want to stop the browser warnings, you can download and install my
Root Certificate.
But don't do this before reading the following:
Why Installing This Root Certificate is Not a Good Idea
If you do not know me personally, or do not have an account on this
server, you should not install this certificate.
If you install this certificate, your browser will unconditionally accept
any certificate I sign. If I sign one for, say, www.yourbankhere.com, and can
trick your browser into visiting MY site instead of your bank's site, your
browser will blithely accept my site as really being your bank. To the extent
that I can successfully impersonate your bank's website, you are at my mercy.
If you do not know me personally, or do not have an account on this
machine, do us both a favour and do not install this certificate.
This topic was discussed a while ago on
Slashdot; see
this post
and also the responses to it.
|