[Psi-devel] OT: CACert included in Kubuntu?
Trejkaz
trejkaz at trypticon.org
Thu Nov 30 04:12:14 PST 2006
On Wednesday 29 November 2006 10:15, Maciek Niedzielski wrote:
> Justin Karneges wrote:
> >> Best security practice is removing all certificates and use only some of
> >> them.
> >
> > And unfortunately a usability nightmare. :(
>
> I'd like to see VeriSign helpdesk's face when someone (normal user!)
> called them to ask for the fingerprint ;)
But there is a damn good point here. How do we know if the key for "Verisign"
on my machine right now was actually made by them? And do I even trust a
corporation in the first place? (Didn't they make an enormous screw-up a
while back?)
TX
--
Email: trejkaz at trypticon.org
Jabber ID: trejkaz at trypticon.org
Web site: http://trypticon.org/
GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F A62C B8C7 BC8B 037E EA73
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.affinix.com/pipermail/psi-devel-affinix.com/attachments/20061130/bb9b75c5/attachment.pgp
More information about the psi-devel
mailing list