On 2012-06-16 10:33, Basil Chupin wrote:
> I am of the cautious type. Not paranoid, just cautious :-).
When you set up a site with a certificate, you can go to a veritable certificate agency and buy one, for good money. Then it will work straight away in any browser.
Or you can buy it from a cheaper agency - but it may happen that the said agency does not have its master certificate installed in all browsers: then when someone goes to your site the browser will not be able to follow the chain of trust and they will see that warning message.
Or you can create your own master certificate and site certificates, for no money - and users end up in the same situation as above: they have to import the master certificate from you as well.
The situation is secure, depending on what you want it for. For money, absolutely not. If your network is insecure, someone might give you a false master certificate. If you simply want to do free software things, accept that master certificate and accept that berlios and others do not want to pay money to the certificate agencies, that's all.
There are cases. In Spain, our government has its own certificate agency whose master certificate is not included in Firefox's list. Are those certificates trustworthy? Yes, of course, but we have to trust them initially and add their master certificate. And these certificates are indeed used for money matters.
Why is the Spanish agency (FNMT) certificate not included in the FF list? No idea, perhaps because they did not bother to ask, perhaps because it is valid for Spain only...
-- Cheers / Saludos,
Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar)
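
The message above notes that on an insecure network someone might hand you a false master certificate. As an added example (not part of the original message), this Python sketch checks a downloaded master certificate against a SHA-256 fingerprint obtained over a separate channel before it is imported. The function names are hypothetical and the certificate bytes are constructed placeholders, not real X.509 data.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of every certificate found in a PEM file."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(pem_text)]

def sha256_fingerprint(der):
    """Colon-separated upper-case SHA-256 fingerprint of the DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp):
    """Drop colons/whitespace; None unless 64 hex digits (SHA-256) remain."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    return cleaned if re.fullmatch(r"[0-9a-f]{64}", cleaned) else None

def safe_to_import(pem_text, trusted_fp):
    """True only if the file holds exactly one certificate whose SHA-256
    fingerprint equals the one obtained over a separate channel."""
    ders = pem_to_der(pem_text)
    expected = normalise(trusted_fp)
    if len(ders) != 1 or expected is None:
        return False
    actual = normalise(sha256_fingerprint(ders[0]))
    return hmac.compare_digest(actual, expected)

def make_pem(der):
    """Demo helper: wrap bytes in PEM armour, 64 characters per line."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-ins for certificate bytes (not real X.509 data).
GENUINE_DER = b"constructed placeholder for the site's real master certificate"
FORGED_DER = b"constructed placeholder for a certificate swapped in transit"

if __name__ == "__main__":
    published = sha256_fingerprint(GENUINE_DER)  # as read from a trusted channel
    print(safe_to_import(make_pem(GENUINE_DER), published))
    print(safe_to_import(make_pem(FORGED_DER), published))
```

The check is only as strong as the channel the reference fingerprint came from; a fingerprint read from the same page that served the certificate proves nothing.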