[Nottingham] Hello
Graeme Fowler
graeme at graemef.net
Thu Mar 19 11:55:58 UTC 2009
On Thu, 2009-03-19 at 10:27 +0000, Michael Erskine wrote:
> Well, I don't think it's any reflection on Ubuntu for the browser not
> to accept certs from an untrusted source. If the user wants to
> override this behaviour, whilst understanding the potential
> consequences of course, they are free to do so. There are greater
> minds than ours on the task of establishing which cert authorities are
> trustworthy.
...and which CAs have paid for the right to be included in the browser
distributions previously mentioned, too. Money talks - and CACert.org is
a *community based* certificate authority, which doesn't have the funds:
http://wiki.cacert.org/wiki/InclusionStatus
The first paragraph makes for interesting reading, as does the table.
As it happens there is no way to make CACert.org certificates validate
in your browser *unless* you're using one of the browser or OS
combinations listed as working on the wiki (above), or manually
importing the CACert.org root key into your application, personal or
global certificate store.
Use of these certificates is a laudable aim, but it going to result in
confusion until their inclusion in browsers is widespread. If I were the
UKLUG people I'd be seriously looking at a commercial certificate and
asking the CA to sponsor the organisation...
Graeme
More information about the Nottingham
mailing list