Mailinglist Archive: opensuse-factory (1134 mails)

< Previous Next >
Re: [opensuse-factory] preliminary release notes update for 12.2
Hash: SHA1

On 2012-06-16 10:33, Basil Chupin wrote:

I am of the cautious type. Not paranoid, just cautious :-) .

When you setup a site with a certificate, you can go to a veritable
certificate agency and buy one, for good money. Then it will work
straight in any browser.

Or you can buy it from a cheaper agency - but it may happen that the said
agency does not have its master certificate installed in all browsers:
then when some one goes to your site the browser will not be able to
follow the chain of trust and they will see that warning message.

Or you can create your own master certificate and site certificates, for
no money - and users end in the same situation as above, they have to
import the master certificate from you as well.

The situation is secure, depending on what you want it for. For money,
absolutely not. If your network is insecure, someone might give you a
false master certificate. If you simply want to do free software things,
accept that master certificate and accept that berlios and others do not
want to pay money to the certificate agencies, that's all.

There are cases. In Spain, our government has its own certificate agency
which master certificate is not included in Firefox list. Are those
certificates confiables? Yes, of course, but we have to trust them
initially and add their master certificate. And this certificates are
indeed used for money matters.

Why the Spanish agency (FNMT) certificate is not included in FF list? No
idea, perhaps because they did not bother to ask, perhaps because it is
valid for Spain only...

- --
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla -

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >