Hi,

Every time I send out a mail with my gentoo.org address, I get this "certificate may be unsecure" message. The Gentoo mailserver (and forums, bugzilla and probably many more) use self-signed SSL certificates.
Well, I hope I don't have to tell you that self-signed certs are not really good security policy. IMHO, having those "pay lots of $/€" certs also isn't a very good option, because obviously "security for the ones who pay a lot" isn't a good idea either.

I think most of you know that there's CAcert, a "free" certificate authority. While it's sadly not free in a "free software" sense (their own software isn't released under a free license, though I hope that will change at some point in the future), it uses a web-of-trust-based concept for trust and issues certificates at no cost.

I think compared to self-signed, having CAcert certificates would be a big improvement. Many other free software projects (and more and more other pages) use CAcert, so it becomes more and more likely that people will already have the CAcert root cert installed.

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber: [EMAIL PROTECTED]