On Tue, 2008-07-22 at 14:53 +0200, Joachim Steiger wrote: > jfyi... try finding out WHY mozilla does trust verisign and not > ca-cert... the result is quite unfunny and can be described in short as > 'when mozilla still was netscape4, verisign had a suitcase of money with > them to get their ca in there'. > so its not about trust, its about money. simple as that.
This is not true, see mozilla website: "We will not charge any fees to have a CA's certificate(s) distributed with our software products." [1] No security is perfect, we would have to move back to to tiny villages where we know each other from birth till death for near perfect authentication. Having trusted signatures in my browser preinstalled makes lots of sense, as it makes a man-in-the-middle-attack a lot more difficult. [1] http://www.mozilla.org/projects/security/certs/policy/ _______________________________________________ devel mailing list devel@lists.openmoko.org https://lists.openmoko.org/mailman/listinfo/devel
