home | list info | list archive | date index | thread index

Re: [OCLUG-Tech] CACert - free digital certificates

  • Subject: Re: [OCLUG-Tech] CACert - free digital certificates
  • From: "Dan Langille" <dan [ at ] langille [ dot ] org>
  • Date: Fri, 03 Jun 2005 10:08:36 -0400
On 3 Jun 2005 at 9:27, Adrian Irving-Beer wrote:

> On Thu, Jun 02, 2005 at 03:30:19PM -0400, Bill Strosberg wrote:
> 
> > CA-issued certs & automatic browser inclusion of root certs always
> > have been a thorn in my side.  Why should anyone trust someone else
> > because they paid a third party to say they are who they are? (even
> > if they lied).
> 
> The original (primary) idea was that the cert companies verify who you
> are, sort of like PGP.
> 
> The (secondary) idea was to prevent man-in-the-middle attacks by
> ensuring that the 'in the middle' guy has to a) at least expend
> more effort trying to get a similar certificate, and b) hopefully not
> succeed.
> 
> Obviously, I have no idea if either of these are still being practiced
> by the companies in question.

So... about CACert....

What do you think about them?
-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/