Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: <jason.chen@xxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Sep 2005 13:51:27 -0400
thanks steve,
I'll do some testing over these 2 scenarios and see what happens.
thanks,
-Jason
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:AIzE2kCwFHA.3020@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Jason,
>
> Yes, when calling webservice which is SSL protected from cilent proxy, the
> connection may not be utilized as efficient as the browser since the
> underlying HttpWebrequest component's implementation is not guaranteed on
> such connection caching. However, due to the sophisticated secure of the
> SSL/TLS, many people still choose this approach in their webservice
> communication. Also, as WSE since the WSE components manually implement
> what the SSL/TLS do (though not as perfect as it), we have more
flexibility
> over the connections controling when using WSE. Anyway, if you do have
> critical concerns on the performance, it's better to perform some simple
> tests through the two means which may give us a clear view.
>
> Thanks,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
>
> --------------------
> From: <jason.chen@xxxxxxxxxxxxxxxxx>
> References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> <gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxx>
> <Oxmu91IvFHA.3452@xxxxxxxxxxxxxxxxxxxx>
> <gGB5JtLvFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> <eqSVtJgvFHA.2076@xxxxxxxxxxxxxxxxxxxx>
> <M10VK0ovFHA.580@xxxxxxxxxxxxxxxxxxxxx>
> <ei#DE3svFHA.908@xxxxxxxxxxxxxxxxxxxx>
> <2sOVJa0vFHA.1616@xxxxxxxxxxxxxxxxxxxxx>
> Subject: Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
> Date: Thu, 22 Sep 2005 14:46:35 -0400
> Lines: 481
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> Message-ID: <O13W2X6vFHA.3000@xxxxxxxxxxxxxxxxxxxx>
> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.dotnet.framework.webservices.enhancements:4959
> X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
>
> Hi Steven,
> usually in a server to server scenario, once response is received, the
> *client* who sends the request will close down the connection. I think
> that's the diffference comparing to browser to server scenario? I know the
> SSL handshake is an expensive operation, if I choose to use SSL to access
> the webservice, that'll mean everytime I send a request to the webservice,
a
> new connection is established, and SSL handshake will be done, then we
lose
> the benefit of re-using the same session key, is it correct?
>
> thanks,
> -Jason
>
> "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:2sOVJa0vFHA.1616@xxxxxxxxxxxxxxxxxxxxxxxx
> > Hi Jason,
> >
> > Of course the sessionkey will be expired and regenerated after
connection
> > closed and new connection established. Also, during a live connection's
> > lifecycle, the SessionKey will also expire and be regenerated according
to
> > the timespan is has across so as to ensure the channel's secure. In
> > addition, for SSL between server to server, I think it's the same with
> > client to server, in fact when a server use HTTPS to call webservice at
> > another server protected by SSL/TLS, the server which send the request
is
> > just the "CLIENT", so server/client is a logic concept.
> >
> > Thanks,
> >
> > Steven Cheng
> > Microsoft Online Support
> >
> > Get Secure! www.microsoft.com/security
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
> > --------------------
> > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> > <gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxx>
> > <Oxmu91IvFHA.3452@xxxxxxxxxxxxxxxxxxxx>
> > <gGB5JtLvFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > <eqSVtJgvFHA.2076@xxxxxxxxxxxxxxxxxxxx>
> > <M10VK0ovFHA.580@xxxxxxxxxxxxxxxxxxxxx>
> > Subject: Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
> > Date: Wed, 21 Sep 2005 12:58:55 -0400
> > Lines: 388
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > Message-ID: <ei#DE3svFHA.908@xxxxxxxxxxxxxxxxxxxx>
> > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> > Xref: TK2MSFTNGXA01.phx.gbl
> > microsoft.public.dotnet.framework.webservices.enhancements:4946
> > X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements
> >
> > Hi Steven,
> > thanks for getting back to me. SSL is possible in my scenario, but I
> > have some doubts about using SSL in a server to server scenario, let me
> > explain:
> >
> > in a typical scenario of Browser talking to server through SSL, a SSL
> > handshake is done, and a session key is established, session key is
> > transferred back to browser from server. and browser can use the
generated
> > session key to send request to the server as long as the browser remain
> > open. if browser closes down, session will be lost, if new browser
> instance
> > opens, new SSL handshake have to be done, new session key will be
> generated
> > and transferred back to browser.
> >
> > in a sccenario of server talking to server through SSL, SSL handshake
will
> > be done when server tries to send request to the other server through
> https.
> > session key will be transferred back, and as long as the connection not
> > closed down, same session key will be used. the catch here is in most
> server
> > to server scenario, I think connections have to be closed once the
request
> > is done. or in this scenario, should we put the opened https connection
> into
> > a connection pool? I think I'm lost in this. also, will the session key
> ever
> > expire?
> >
> > thanks,
> > -jason
> >
> > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:M10VK0ovFHA.580@xxxxxxxxxxxxxxxxxxxxxxxx
> > > Hi Jason,
> > >
> > > Thanks for your followup.
> > > The verisign guy's suggestion is reasonable from security perspective
> > since
> > > Asymmetric encryption is really more secure, but also more performance
> > > cost. Generally, we'll use asymmetric encrytion to transfer
sessionkey
> > > and then use that sessionkey to do symmetric encryption for all the
> > > sequential commuincation. That's also what SLL/TLS does.
> > >
> > > For HTTPS/SSL, of course I'd recommend you consider it if SSL/TLS is
> > really
> > > possible for your scenario. The SSL/TLS just provide a secuire point
to
> > > point channel which ensure confidential, integrity .... And though
> WSE
> > > also priovde these features, the SSL/TLS's implementation is surely
more
> > > robust and sophisticated. And the WSE's strong point is that it
provide
> > > more flexible and wide applicaiton scenario, which is not limited to
> > > webserver scenario, (generally SSL/TLS require our server service be
> > hosted
> > > in a sophisticated webserver like IIS/ Apache or other applicaiton
> > > server). While WSE application can be hosted in any .NET application.
> > >
> > > Thanks,
> > >
> > > Steven Cheng
> > > Microsoft Online Support
> > >
> > > Get Secure! www.microsoft.com/security
> > > (This posting is provided "AS IS", with no warranties, and confers no
> > > rights.)
> > > --------------------
> > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > > <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> > > <gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxx>
> > > <Oxmu91IvFHA.3452@xxxxxxxxxxxxxxxxxxxx>
> > > <gGB5JtLvFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > Subject: FOLLOW UP - Re: what certificate to buy from Verisign ?
> > > Date: Tue, 20 Sep 2005 12:43:28 -0400
> > > Lines: 284
> > > X-Priority: 3
> > > X-MSMail-Priority: Normal
> > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > Message-ID: <eqSVtJgvFHA.2076@xxxxxxxxxxxxxxxxxxxx>
> > > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
> > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > > Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> > > Xref: TK2MSFTNGXA01.phx.gbl
> > > microsoft.public.dotnet.framework.webservices.enhancements:4929
> > > X-Tomcat-NG:
microsoft.public.dotnet.framework.webservices.enhancements
> > >
> > > HI Steven,
> > > this is an update on this thread, I just had a call with a
Verisign
> > > senior engineer, and he had very strong opinions on using asymetric
> > > encryptions.
> > > first thing he said when I tried to explain to him WSE2 uses
> asymetric
> > > encryption is 'asymetric encryption is 1000 times slower than symetric
> > > encryption', then he recommended to use HTTPS protocol to protect the
> data
> > > on the transport level instead of using HTTP and protect the data on
the
> > > application level. he also said by protecting data on application
level,
> > > it'll be much slower and will be easier for brute force attack.
> > > what I'd like to find out from you is, do you have any performance
> > > matrix on how much performance overhead will be added by using x.509
> > > certificates to encrypt the sign the data comparing to not encrypting
> and
> > > sign the data?
> > > also, do you have any comment on using HTTPS vs. using HTTP + WSE2
> > > encryption and signing?
> > >
> > > thanks,
> > > -Jason
> > >
> > > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:gGB5JtLvFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
> > > > You're welcome Jason,
> > > >
> > > > If there're any further things we can help later, please feel free
to
> > post
> > > > here.
> > > > Good luck!
> > > >
> > > > Steven Cheng
> > > > Microsoft Online Support
> > > >
> > > > Get Secure! www.microsoft.com/security
> > > > (This posting is provided "AS IS", with no warranties, and confers
no
> > > > rights.)
> > > > --------------------
> > > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > > <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > > > <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > > <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> > > > <gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxx>
> > > > Subject: Re: what certificate to buy from Verisign ?
> > > > Date: Sun, 18 Sep 2005 16:13:51 -0400
> > > > Lines: 212
> > > > X-Priority: 3
> > > > X-MSMail-Priority: Normal
> > > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > > Message-ID: <Oxmu91IvFHA.3452@xxxxxxxxxxxxxxxxxxxx>
> > > > Newsgroups:
microsoft.public.dotnet.framework.webservices.enhancements
> > > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > > > Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> > > > Xref: TK2MSFTNGXA01.phx.gbl
> > > > microsoft.public.dotnet.framework.webservices.enhancements:4913
> > > > X-Tomcat-NG:
> microsoft.public.dotnet.framework.webservices.enhancements
> > > >
> > > > thanks steven for following up, I guess I have to schedule a call
with
> > > > verisign to work this out then.
> > > >
> > > > -Jason
> > > >
> > > > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:gRqUmbouFHA.1080@xxxxxxxxxxxxxxxxxxxxxxxx
> > > > > Hi Jason,
> > > > >
> > > > > Server certificate is used by server service, and is not necessary
> for
> > > > > client app. For client side, there has Client Authentication
> > > Certificate
> > > > > respectively. In fact, you find a certain windows 2000 or 2003
> server
> > > > > machine which can install the Microsoft Certificate Service, so
that
> > you
> > > > > can create/send certificate request to it , from which you can see
> > those
> > > > > most popular types of certificates. In addition, professional
> > > Authority
> > > > > like Verisign will have much more types of certificates available,
> so
> > I
> > > > > still think it better you consult them on your scenario.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Steven Cheng
> > > > > Microsoft Online Support
> > > > >
> > > > > Get Secure! www.microsoft.com/security
> > > > > (This posting is provided "AS IS", with no warranties, and confers
> no
> > > > > rights.)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > --------------------
> > > > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > > > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > > > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > > > <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > > > > <dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > > > Subject: Re: what certificate to buy from Verisign ?
> > > > > Date: Thu, 15 Sep 2005 23:52:07 -0400
> > > > > Lines: 146
> > > > > X-Priority: 3
> > > > > X-MSMail-Priority: Normal
> > > > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > > > Message-ID: <uKVnDInuFHA.3500@xxxxxxxxxxxxxxxxxxxx>
> > > > > Newsgroups:
> microsoft.public.dotnet.framework.webservices.enhancements
> > > > > NNTP-Posting-Host: a7cebc02.cst.lightpath.net 167.206.188.2
> > > > > Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
> > > > > Xref: TK2MSFTNGXA01.phx.gbl
> > > > > microsoft.public.dotnet.framework.webservices.enhancements:4897
> > > > > X-Tomcat-NG:
> > microsoft.public.dotnet.framework.webservices.enhancements
> > > > >
> > > > > hi Steven,
> > > > > I'd like X509 certificate to be used by both client and
server,
> > you
> > > > > mentioned the server side can use a regular SSL certificate, can
> > client
> > > > also
> > > > > use a regular ssl certificate on client side?
> > > > >
> > > > > thanks,
> > > > > -Jason
> > > > >
> > > > > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in
message
> > > > > news:dlKkV7luFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
> > > > > > Thanks for your response Jason,
> > > > > >
> > > > > > As for the webservice client, it all depends on your
application's
> > > > > security
> > > > > > authetication design. If you server doesn't use some
> authentication
> > > > schema
> > > > > > which require client certificates(x509 authentication based
token
> > > > > > authentication....) or the server dosn't require the client to
> use
> > a
> > > > > > certain certificate to identitfy clientside, then client app do
> not
> > > need
> > > > > to
> > > > > > have a own certificate. This is just like when we use SSL
> without
> > > > > > requiring clientside certificate. Also, since you're using
WSE,
> > if
> > > > you
> > > > > > have used x509 certificate token to sign message at both
> > > > > client/serverside,
> > > > > > then, the clientside also must have its own certificate.
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Steven Cheng
> > > > > > Microsoft Online Support
> > > > > >
> > > > > > Get Secure! www.microsoft.com/security
> > > > > > (This posting is provided "AS IS", with no warranties, and
confers
> > no
> > > > > > rights.)
> > > > > >
> > > > > >
> > > > > > --------------------
> > > > > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > > > > References: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > > > > <NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxx>
> > > > > > Subject: Re: what certificate to buy from Verisign ?
> > > > > > Date: Thu, 15 Sep 2005 10:19:53 -0400
> > > > > > Lines: 83
> > > > > > X-Priority: 3
> > > > > > X-MSMail-Priority: Normal
> > > > > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > > > > Message-ID: <uK1wLCguFHA.596@xxxxxxxxxxxxxxxxxxxx>
> > > > > > Newsgroups:
> > microsoft.public.dotnet.framework.webservices.enhancements
> > > > > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > > > > > Path:
> > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
> > > > > > Xref: TK2MSFTNGXA01.phx.gbl
> > > > > > microsoft.public.dotnet.framework.webservices.enhancements:4884
> > > > > > X-Tomcat-NG:
> > > microsoft.public.dotnet.framework.webservices.enhancements
> > > > > >
> > > > > > thanks Steven, I guess the server side can just purchase the
> normal
> > > > > > webserver certificate, what about the client side who consumes
the
> > > > > > webservice? should they also get a normal webserver certificate
or
> > > > > something
> > > > > > particular?
> > > > > >
> > > > > > many thanks,
> > > > > > -jason
> > > > > >
> > > > > > "Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in
> message
> > > > > > news:NRnDAzcuFHA.768@xxxxxxxxxxxxxxxxxxxxxxxx
> > > > > > > Hi Jason,
> > > > > > >
> > > > > > > AS for the Certificate type you mentioned, for your scenario,
> > since
> > > > the
> > > > > > > certificate is mainly used to identitfy your server
application
> > and
> > > > > build
> > > > > > a
> > > > > > > secure communication channel between client/server, I think a
> > normal
> > > > web
> > > > > > > server certificate is enough. Of course, there must has some
> guys
> > > > from
> > > > > > > Verisign who will help you find the proper certificate for
yoru
> > > > > > > application.
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Steven Cheng
> > > > > > > Microsoft Online Support
> > > > > > >
> > > > > > > Get Secure! www.microsoft.com/security
> > > > > > > (This posting is provided "AS IS", with no warranties, and
> confers
> > > no
> > > > > > > rights.)
> > > > > > >
> > > > > > >
> > > > > > > --------------------
> > > > > > > From: <jason.chen@xxxxxxxxxxxxxxxxx>
> > > > > > > Subject: what certificate to buy from Verisign ?
> > > > > > > Date: Wed, 14 Sep 2005 12:52:04 -0400
> > > > > > > Lines: 29
> > > > > > > X-Priority: 3
> > > > > > > X-MSMail-Priority: Normal
> > > > > > > X-Newsreader: Microsoft Outlook Express 6.00.3790.326
> > > > > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.326
> > > > > > > Message-ID: <Oo3#jyUuFHA.3756@xxxxxxxxxxxxxxxxxxxx>
> > > > > > > Newsgroups:
> > > microsoft.public.dotnet.framework.webservices.enhancements
> > > > > > > NNTP-Posting-Host: a7cebc03.cst.lightpath.net 167.206.188.3
> > > > > > > Path:
> > > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
> > > > > > > Xref: TK2MSFTNGXA01.phx.gbl
> > > > > > >
microsoft.public.dotnet.framework.webservices.enhancements:4873
> > > > > > > X-Tomcat-NG:
> > > > microsoft.public.dotnet.framework.webservices.enhancements
> > > > > > >
> > > > > > > Hi, my company plans to use WSE2.0 sp3 to secure the
webservice
> > > > > > > communication between us and the client. now that we are
looking
> > at
> > > > > > Verisign
> > > > > > > on what exactly to buy but the sales person at Verisign were
not
> > > very
> > > > > > > helpful. and MSDN didn't provide any information on what exact
> > > > > certificate
> > > > > > > to buy from Verisign either, all it says is get certificate
from
> a
> > > > > trusted
> > > > > > > CA, for example: Verisign.
> > > > > > >
> > > > > > > could someone point out which product to buy from verisign?
> > > > > > >
> > > > > > > some information on what I found so far:
> > > > > > >
> > > > > > > 1. after searched around, seems a lot of people are
complaining
> > > > Verisign
> > > > > > > sales have no idea what to buy to encrypt and sign web
services.
> > > > > > >
> > > > > > > 2. some people seem got regular SSL certificates working to
> > encrypt
> > > > and
> > > > > > > sign web service request, but will there be performance
issues?
> is
> > > it
> > > > > > > recommened by Microsoft that an existing SSL certificate can
be
> > used
> > > > for
> > > > > > > encrypt and sign webservice requests?
> > > > > > >
> > > > > > > 3. some people in various newsgroups are talking about using
the
> > > > Digital
> > > > > > ID
> > > > > > > product from Verisign to encrypt and sign webservice requests,
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
(http://www.verisign.com/products-services/security-services/pki/pki-applica
> > > > > > > tion/email-digital-id/index.html), this is a product from
> Verisign
> > > to
> > > > > > secure
> > > > > > > emails. is this correct to use Digital ID? this thing is much
> > > cheaper
> > > > > than
> > > > > > > regular SSL certificates, only $19.99/Year
> > > > > > >
> > > > > > > Please help, thanks a lot.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
>
>
>
.
- References:
- what certificate to buy from Verisign ?
- From: jason.chen
- RE: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- Re: what certificate to buy from Verisign ?
- From: jason.chen
- Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- Re: what certificate to buy from Verisign ?
- From: jason.chen
- Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- Re: what certificate to buy from Verisign ?
- From: jason.chen
- Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: jason.chen
- RE: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: jason.chen
- Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: jason.chen
- Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- From: Steven Cheng[MSFT]
- what certificate to buy from Verisign ?
- Prev by Date: Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- Next by Date: WSE3 and TCPIP hosted services - why does client require action & ReplyTo?
- Previous by thread: Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
- Next by thread: VS2005 RC
- Index(es):
Relevant Pages
|
