On 2014-08-27 17:34, Robert Kaiser wrote:
> Andrei Borzenkov wrote:
>> I recently was given a URL that was signed by http://www.cacert.org;
>> ...
>
> See https://bugzilla.mozilla.org/show_bug.cgi?id=215243 and the thread listed in its whiteboard if you want to dig into the meat of this long-winded story.

Wow. Long one. I got tired reading at about post 50 (year 2004), and there are 191 (year 2009). I guess the decision was in the end not to include the certificate.

There is an interesting point I noticed: that the PKI certificates do not have a scale to say how much we trust a certificate or a root certificate, it is either "fully trust" or "no trust at all". If that existed, perhaps they could have accepted cacert.org.

And I'm reminded by comments in the media about "secure e-commerce", in which they tell people that when they see the "lock" icon, a web page is secure, and their money is secure, when it is not. That "lock" icon doesn't really guarantee any of that. It simply means that a certificate authority thinks that they are who they say they are. We still need to personally verify that if we find a link for the bank of London, it really is the page of that bank, and that the bank is a real one. Once we verify that, on the next connections we do to the site the lock would say that the situation regarding the site has not changed... probably.

Sigh... bewildering situation.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)