On Tue, 25 Sep 2007 20:57:48 +1200 Christopher Sawtell <[EMAIL PROTECTED]> wrote:
> If you look in the file /etc/ca-certificates.conf you will see the > names of all the Cert Authorities which your browser will recognise. > Adding a certificate yourself is not exactly mind-boggling science. > > imho, this whole CA lark is just that. A lark to wrought money out of > the ignorant and innocent. Indeed. > > The only certificates you should trust are those issued by the people > with whom you have a relationship of trust. Not for a moment a bunch > of American Corporates which have poncy names and have made giga-pots > of money! I really do not know any of them, so why should I trust > them for even a moment to say that some A. N. Other is trustworthy? Well, except that one of the biggest is South African, when he's not in space (: And the reason you can trust them to some extent is that they put their money where their mouth is. > > Honest, I'd trust the immediate parent poster orders of magnitude more > than a bunch of Yanks, totally unknown to me, who's sole qualification > seems to be that they have garnered Giga-Dollars out of the rest of > the world. Exactly how does that equate with being trustworthy? Money! > > You see, I have at least met and vagely know the said Volker Kuhlmann, > and although it's probably not much to do with being a CA he's got a > great sense of humour. That's the huge difference between the two. One says 'you can trust us, we all know each other', and the other adds 'but if I've made a mistake, I promise to pay you loads of money' When securing your business identity online, which will you chose... even if it may be an empty promise ( and I have no knowledge whether it is or not, I hasten to add )? When I look at the cacert site, all I see is a front end to a number of commonly available scripts, and well documented procedures. I just don't get the difference between them doing it or me. Neither of us has any accountability above saying oops if we're wrong. Just my $0.02, Steve
