Quote:
|
Originally Posted by Cortig
I blame it all on the Network Admins for not properly distributing the self-signed certificates!!!
|
You can put the blame where you want, but I have been an associate of a couple of large technical organizations (such as MIT) with more than 10k users and they're still using self-signed certs or unencrypted connections. Distributing certs to so many users is impractical---the users have to self-provision (on every browser installation they use).
I think the technology is to blame if the users (the system administrators) aren't interested or able to avoid having their users manage certificates themselves. Basically, no one likes dealing with certificates, not the browser vendors, not the server maintainers, not the network admins, not the end users. Somehow it works in limited cases, but it's always a pain in the ass for the person who deals with the certs.