Re: ca-certificates: no more cacert.org certificates?!?
- To: debian-devel@lists.debian.org
- Subject: Re: ca-certificates: no more cacert.org certificates?!?
- From: Marc Haber <mh+debian-devel@zugschlus.de>
- Date: Tue, 01 Apr 2014 09:20:19 +0200
- Message-id: <[🔎] E1WUszb-0007bm-Qz@swivel.zugschlus.de>
- In-reply-to: <87ha6edl8d.fsf@windlord.stanford.edu>
- References: <1722468.nyLnYD01gx@debstor> <E1WSSLo-0008MK-1v@swivel.zugschlus.de> <10992188.hDEB1a5xIj@debstor> <E1WTnPJ-00036G-HY@swivel.zugschlus.de> <CAA0ZO6BWQ3nCvu5iTrygH1mcSz1qXrX8o31unNKctoL-0Ui=Qw@mail.gmail.com> <E1WU9CM-0003tw-7F@swivel.zugschlus.de> <CAA0ZO6C_pAMg12131_Xbau02r5ypK-_PZBEazJhttTHmYw7Kcg@mail.gmail.com> <E1WUgDq-0001Ao-0Z@swivel.zugschlus.de> <CAA0ZO6AO4hhqarT7w5qoT=ZrmRAWZhXjsV6dLYidtrox-RtJaA@mail.gmail.com> <87ha6edl8d.fsf@windlord.stanford.edu>
On Mon, 31 Mar 2014 16:03:30 -0700, Russ Allbery <rra@debian.org>
wrote:
>Of course, I'm one of those people who believes that web site certificate
>signatures as currently implemented, with the level of vetting that's
>actually done by commercial CAs in practice, are more of an extortion
>racket than a security measure.
I have to agree on that. But a Startcom Certificate on a personal web
site is one web site more that doesn't train users to blindly click
away certificate warnings. A cacert certificate or a self-signed
certificate on a personal web site is one web site more that does that
kind of training.
Grüße
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: