CACert (was Re: [Wolves] A day with the boys from GLLUG)

Shane M. Coughlan shane at shaneland.co.uk
Fri May 5 17:36:31 BST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Andy Smith wrote:
> Agree, the SSL cert industry is a scam and unfortunately I don't see
> that changing any time soon.

Well, I'm not a fan of it...but I would not go so far as to call it a
scam.  Certs can be really useful for some purposes, and they are often
relatively cheap.

The entire certificate industry bothers me because of trust (or lack
thereof).  I don't really trust Twaith or Verisign or CACert.  I don't
generally trust companies.  This means that their verification of a
certificate does not inspire great amounts of security-orientated joy on
my part.

IMHO we need some form of verification.  SSL certs provide a potential
avenue, but I'd like to see something else.  Any suggestions anyone?

Shane

- --
Shane Martin Coughlan
e: shane at shaneland.co.uk
m: +447773180107
w: www.shaneland.co.uk
- ---
Projects:
http://mobility.opendawn.com	http://gem.opendawn.com
http://enigmail.mozdev.org	http://www.winpt.org
- ---
Organisations:
http://www.fsfeurope.org	http://www.fsf.org
http://www.labour.org.uk	http://www.opensourceacademy.gov.uk
- ---
OpenPGP: http://www.shaneland.co.uk/personalpages/shane/files/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-svn4127: (MingW32)

iQCVAwUBRFn48NwG3M95JPpzAQg8DQP+MUS4/scF5nUi3fboKs60Q+jTW+UNBCQ4
Ymyx3k8ct6ioL+momQWbL9gjemX8a/J+qNloP7FtYlmJNA1NFzHm3dGfzXtT6HOr
IE2PxePFDscukrd/T9lUxDQNaKc1C25GWQwH3H9Fr/ZUoOrCb/G9sHEHaIbxxVC0
9NxRhTMQd2A=
=qFlG
-----END PGP SIGNATURE-----





More information about the Wolves mailing list