A variety of Internet applications need an SSL certificate to do sensible things like protect a password being sniffed. As I understand it, I need to setup my own CA up to generate one of these SSL certificates. http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html http://natalian.org/archives/2004/09/14/middlemail/ But, why !? I am a Debian user. Debian or SPI is a CA and shouldn't they be issuing certificates to make my life easier in accordance with the Social Contract? As far as I see, this is what http://cacert.org/ tries to do, but they can't seem to get their certificate in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213086 People may argue that Cacert Inc. is not "reputable" enough, but come on! Have you ever peeked inside /etc/ssl/certs? Trust those guys? If Debian users aren't worthy of a Debian CA issued SSL cert., what about developers? DDs are people who have had their identity verified.
Description: Digital signature