On 2014-08-28 09:04, Andreas Schwab wrote:
> "Carlos E. R." <> writes:
>> There is an interesting point I noticed: that the PKI certificates do not have a scale to say how much we trust a certificate or a root certificate, it is either "fully trust" or "no trust at all". If that existed, perhaps they could have accepted cacert.org.
> Is there a difference between "partial trust" and "no trust"?
Well, yes :-)

I could use a lower trust certificate for an email site, or even for sites such as some of the opensuse.org sites, which often use self-certificates, which are no trust at all.

Try https://www.opensuse.org/en/ ;-)

The certificate triangle is light grey with an exclamation sign. Page info says "verified by: not specified". If I connect to my bank I see a grey padlock instead. With PayPal, I see a green padlock.

Some other sites where development work for openSUSE is done (and some open source sites) use self-signed certificates. Using a lower trust authority would be better than me having to verify somehow that they are what they say they are and add exceptions manually.

It would be acceptable to me to know when a connection certificate is verified by an "industry accepted organization", or one that doesn't pass all the tests.

If, on the current system, I add cacert, I could open a financial page and not notice that the certificate comes from them, and that would be "/dangerous/".

So yes, there are indeed grades of trust, but PKI doesn't have them. PGP does.

-- 
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
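The contrast drawn in this message, as an added example that is not part of the original thread: a browser-style trust store makes a yes/no decision per root, while PGP computes key validity from graded owner trust. The code is a simplified model of GnuPG's classic trust model using its default thresholds (one fully trusted or three marginally trusted signers); all key names and the sample data are constructed, and certification depth, expiry and revocation are left out.

```python
# Added illustration (not from the thread): binary X.509 trust vs. graded PGP trust.
FULL, MARGINAL, NONE = "full", "marginal", "none"
COMPLETES_NEEDED = 1  # GnuPG default: one fully trusted signer is enough
MARGINALS_NEEDED = 3  # GnuPG default: three marginally trusted signers are enough


def x509_accepts(root_ca, trust_store):
    """Browser-style decision: a root is either in the store or not."""
    return root_ca in trust_store


def pgp_valid_keys(own_key, ownertrust, signatures):
    """Simplified classic PGP trust model.

    ownertrust: key -> FULL or MARGINAL (missing means NONE)
    signatures: signer -> set of keys that signer has certified
    Returns the set of keys considered valid. Certification depth,
    expiry and revocation are ignored in this sketch.
    """
    valid = {own_key}
    changed = True
    while changed:  # iterate until no further key becomes valid
        changed = False
        for key in set().union(*signatures.values()) - valid:
            full = marginal = 0
            for signer, signed in signatures.items():
                if key not in signed or signer not in valid:
                    continue  # only signatures from valid keys count
                trust = FULL if signer == own_key else ownertrust.get(signer, NONE)
                full += trust == FULL
                marginal += trust == MARGINAL
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed sample data; every name is hypothetical.
OWNERTRUST = {"alice": FULL, "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL}
SIGNATURES = {
    "me": {"alice", "bob", "carol", "dave"},
    "alice": {"mailhost"},             # one full signer: valid
    "bob": {"forum", "wiki"},
    "carol": {"forum", "wiki"},        # forum has only two marginal signers
    "dave": {"wiki"},                  # wiki reaches three marginal signers
    "eve": {"bank"},                   # eve's own key is not valid
}

if __name__ == "__main__":
    print(sorted(pgp_valid_keys("me", OWNERTRUST, SIGNATURES)))
    print(x509_accepts("CAcert", {"CAcert"}))  # all-or-nothing for every site
```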