[Psi-devel] OT: CACert included in Kubuntu?
Justin Karneges
justin-psi2 at affinix.com
Tue Nov 28 15:09:27 PST 2006
On Tuesday 28 November 2006 1:37 pm, Dan Ohnesorg wrote:
> > I find this a bit concerning. CA Cert might be great, but even Mozilla
> > has not accepted them as far as I know. I'm not sure how Kubuntu can
> > justify this, when I doubt they have nearly the security policies as
> > Mozilla.
>
> Also Debian has accepted CA cert certificates,
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213086, so ubuntu and
> kubuntu automatically accepts them too. I expect that mozilla will accept
> them too, we need just some more time. The CAcert certificates are more
> trustfull than many others, which are already presented in chains.
I don't think it is fair to call CAcert more trustworthy. Presently, WebTrust
certification is used to determine what counts as a root CA, and the simple
fact is that CAcert has not been certified. I'm not sure what Debian is
thinking here.
StartCom ( http://cert.startcom.org/ ) looks interesting. It is free like
CAcert, yet also certified and already going into browsers.
> Best security practice is removing all certificates and use only some of
> them.
And unfortunately a usability nightmare. :(
-Justin
More information about the psi-devel
mailing list