Carlos E. R. wrote:
On 2014-08-27 17:34, Robert Kaiser wrote:
Andrei Borzenkov schrieb:
I recently was given a URL that was signed by http://www.cacert.org;
...
See https://bugzilla.mozilla.org/show_bug.cgi?id=215243 and the thread listed in its whiteboard if you want to dig into the meant of this long-winded story.
Wow. Long one. I got tired reading at about post 50 (year 2004), and there are 191 (year 2009). I guess the decision was on the end not to include the certificate.
There is an interesting point I noticed: that the PKI certificates do not have a scale to say how much we trust a certificate or a root certificate, it is either "fully trust" or "no trust at all". If that existed, perhaps they could have accepted cacert.org.
There are different certificates out there - the EV certificates involve more checking/documentation/authentication - when FF sees an EV certificate, the bit to the left of the URL ("Verified by") goes green (e.g. https://www.joker.com), otherwise it's blue (e.g. https://www.linkedin.com/).
And I'm reminded by comments on the media about "secure e-commerce", on which they tell people that when they see the "lock" icon, a web page is secure, and their money is secure, when it is not. That "lock" icon doesn't really guarantee any of that. It simply means that a certificate authority thinks that they are who they say they are.
Plus that the connection is (mostly) secure. -- Per Jessen, Zürich (12.9°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org