On Tue, 2009-03-31 at 02:22 +1030, Tim wrote: > On Mon, 2009-03-30 at 08:24 -0700, Craig White wrote: > > http://www.openca.org/ > > Though that leaves you with a few problems: > > Few clients recognise them as an authority. If they want to use them, > users have to figure out how to add their root certificate (if they > can). And that's not just *you*, but the person you want to converse > with. > > And even then, that leaves ordinary users with not so trustworthy > trusting (certificates issued without much vetting, and there's users > who have no way to prove who they really are to get a really good > certificate), and users just unthinkingly okaying not so trustable > certificates. ---- I agree that you are discussing the present day practical limitations but the concept of an open certificate authority would seem to defeat most, if not all of the problems of a corporate certificate authority such as Verisign or Thawte, etc. It would seem that those who harbor those concerns should join openca.org, help it reach critical mass, help it get root certificates installed in browsers by default, etc. Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
