On Mon, 2009-03-30 at 11:42 -0500, Bruno Wolff III wrote: > On Mon, Mar 30, 2009 at 09:18:45 -0700, > Craig White <craigwhite@xxxxxxxxxxx> wrote: > > ---- > > I agree that you are discussing the present day practical limitations > > but the concept of an open certificate authority would seem to defeat > > most, if not all of the problems of a corporate certificate authority > > such as Verisign or Thawte, etc. It would seem that those who harbor > > those concerns should join openca.org, help it reach critical mass, help > > it get root certificates installed in browsers by default, etc. > > That isn't the real issue. I am not going to trust OpenCA any more than I > trust Versign or Thawte now. (i.e. if they have their certs in by default, > it just makes more certs for me to remove.) > What really needs to happen is a more sensible way of handling ssl connections. > What Firefox currently does is rediculous. ---- I'm not sure that I agree with you at all but your being vague. If I assume that you are talking about the way Firefox handles untrusted certificates with their alert and requires you to 'get the certificate' and accept & store or merely temporarily accept, then I disagree...I very much like the way they are handling untrusted certificates. By contrast, the way most portable devices such as iPhones, Blackberries, etc. handle untrusted certificates glosses over these details to the point of scary. I'm not sure at all what you are accomplishing by removing the normally trusted root certificates. Craig -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines