On Thu, Nov 30, 2006 at 02:09:27PM -0800, James G. Sack (jim) wrote:
> Relying on any such "authority" as is provided built-into browsers,
> seems shaky strategy (at best). Why should I trust the certs of the CAs
> themselves -- the only argument is that the software vendors, and hence,
> a lot of other people do. As you say, trusting the reliability of the
> CA's certification process is a second weak link.

How about if there was //one// CA you liked and you just trusted anything signed //only// by them? Then you would only have to import their cert into your browser to be golden!?

> Lacking private capabilities, I would guess that web-of-trust systems
> might be more sensible than a common authority system.

I'm not familiar with the web of trust but would business go for it?

Chris
