Re: Web of Trust (a revolution)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Craig White:
>>> http://www.openca.org/

Tim:
>> Though that leaves you with a few problems:  
>> 
>> Few clients recognise them as an authority  ... (and) ...  not so
>> trustworthy trusting

Craig White:
> I agree that you are discussing the present day practical limitations
> but the concept of an open certificate authority would seem to defeat
> most, if not all of the problems of a corporate certificate authority
> such as Verisign or Thawte, etc. It would seem that those who harbor
> those concerns should join openca.org, help it reach critical mass, help
> it get root certificates installed in browsers by default, etc.

I agree it would be nice to bring in something better than some of the
existing systems, but I see two big problems in getting yet another root
certificate adopted:  

Just how many root certificates are software builders willing to add?
If they feel the list is getting too big (I'm sure there must be lots of
small certificate authorities, or organisations that want to be one),
they may settle for the *just* ones they feel are most important.

That sort of decision would be based on popularity (a problem you'd like
to see overcome, and could be overcome, given enough of a push, but
whether we have the numbers is another matter), and whether the
certificate authority is effective enough to support (i.e. why add any
root certificate that proves very little).

Then there's trying to convince organisations to use less trust worthy
root certificates.  Who wants their service to be flagged by web
browsers as "encrypted but a bit risky"?

It's perceptual, and ignoring the fact that existing, apparently better
certificates, are currently used by some services that don't prove who
they are any better than the lesser known root certificates.  But that's
the point of certificates - how things *look* to the casual observer.

-- 
[tim@localhost ~]$ uname -r
2.6.27.19-78.2.30.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux