Dave O'Neill wrote:
> On Thu, Jun 02, 2005 at 02:49:20PM -0400, Kevin Everets wrote:
>
>> Happen to know which browsers recognize CACert? If only esoteric ones
>> do, then there doesn't seem to be much point.
>
> Well, Mozilla doesn't: https://bugzilla.mozilla.org/show_bug.cgi?id=215243
>
> Dave

<preaching target="OCLUG-Tech">

CA-issued certs & automatic browser inclusion of root certs always have been a thorn in my side. Why should anyone trust someone else because they paid a third party to say they are who they are? (even if they lied). As users become more educated by painful fraud & identity theft, they'll start to realize the current system isn't working for anyone other than Verisign and their cohorts.

I hate the general idea of someone setting themselves up as TrustCo and inserting themselves into browsers as root cert issuers. All pre-installed root certs are is a way of "helping" brain-dead users avoid the issue of deciding who to trust on their own, and accepting the responsibility for doing so. I don't think it is actually helping anyone - rather it is creating a climate for disaster, and we're already seeing the first casualties.

Make 'em verify the chain of authority and review identity on every site they have a need to make an SSL/TLS connection to! The current "money-makes-you-trustable" trust model sucks.

</preaching>

--
Bill Strosberg