Carlos E. R. wrote:
On 2014-08-28 09:04, Andreas Schwab wrote:
"Carlos E. R." <> writes:
There is an interesting point I noticed: that the PKI certificates do not have a scale to say how much we trust a certificate or a root certificate, it is either "fully trust" or "no trust at all". If that existed, perhaps they could have accepted cacert.org.
Is there a difference between "partial trust" and "no trust"?
Well, yes :-)
I could use a lower trust certificate for an email site, or even for sites such as some of the opensuse.org sites, which often use self-certificates, which are no trust at all.
Not quite - in those cases, it is up to the user to decided if he wants to trust the issuer. There is no chain of trust.
Some other sites where developing work for opensuse is made (and some opensource sites) use self signed certificates. Using a lower trust authority would be better than me having to verify somewhat that they are what they say they are and add exceptions manually.
We're going off topic, but I disagree. It's better to ask you to decide for yourself than suggest you use a "lower" chain of trust. Besides, self-signed certificates are more often about securing the communication than identifying the website owner. -- Per Jessen, Zürich (12.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org