[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ca-certificates: no more cacert.org certificates?!?



Hi,

On Dienstag, 1. April 2014, Marc Haber wrote:
> I have to agree on that. But a Startcom Certificate on a personal web
> site is one web site more that doesn't train users to blindly click
> away certificate warnings. A cacert certificate or a self-signed
> certificate on a personal web site is one web site more that does that
> kind of training.

so what? SSL is broken by design, "trusting" anything based on an SSL 
certificate is foolish at best. any CA (of which there are hundreds enabled in 
browsers and system libraries by default) can sign any certificate and most 
(all?) tools won't complain/detect this.

so in a way, training not to trust these certs is the best one can do :)


cheers,
	Holger, who wishes banks would push gpg & monkeysphere for https


Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: