> Could be a problem to assume this, as self-signed certificates
does not
> require a CA - that'll pick some bucks from you to sign your
> certificates - and it's sure self-signed certificates will be hanging
> around for a while, because they're cheaper than CA signed ones.
Absolutely -- I use pop3s (and a self-signed ssl cert) for my employees'
email, and I'm sure not going to tithe anually to Verisign or whoever
merely to avoid a one-time warning dialog for my dozen users. I'm sure
lots of other small companies feel the same way.
I use
http://www.cacert.org/ certificates, and while they have the
same problems at the moment with a one time warning dialog eventually
they may get included with the browsers etc. I use them for https,
smtps, imaps and pop3s.
P