On Mon, Mar 30, 2009 at 13:46:02 -0400, Todd Denniston <Todd.Denniston@xxxxxxxxxxxxxxxxxx> wrote: > > i.e., sure all the root CA's that the browser producers want to include > can come in, but they should have trust DBs that allow each user to tick: > * Never trust this key. (and by extension anything it has signed. Perhaps > with a pop up indicating 'the sig is ok, according to bla, but bla is a > known idiot.') > * Marginal trust. (pop up something saying 'the sig is ok, according to > bla, but you are uncomfortable with bla.') > * Fully trust. (operate as CA's in web browsers since they started getting CA's.) > > And by default (as released by the browser producers) the keys should be > set to either Never or Marginal. I'd rather see more of a web of trust type model. Right now you can only have one chain of certificates. So you can't have a cert signed by multiple roots. There is nothing keeping track of the cert you previously saw for a site (unless you remove all of the CA certs) so that you get warned when it changes. (At least if the new cert isn't signed by the old one.) CAs that charge extra in order to sign certs that have flag set to indicate that they can sign other certs in subdomains should be boycotted. Sites with self signed certs that prevent passive snooping get treated as the same as going to a site without ssl and not triggering all sorts of inappropriate warnings that look scary and make people jump through hoops to bypass them. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines