[ ... ]
> > >> imho, this whole CA lark is just that. A lark to wrought money out of
> > >> the ignorant and innocent.
> > >
> > > Ack, the certificate mafia holding everyone at gunpoint. They do provide
> > > a necessary service (it solves 2) above), but not at a price remotely
> > > proportionate to the cost of providing it.
> > >
> > >> of money! I really do not know any of them, so why should I trust
> > >> them for even a moment to say that some A. N. Other is trustworthy?
> > >
> > > Their promises as to a 3rd party identity may not be worth much, but
> > > epsilon divided by 0 is still infinitely more than 0 ... :)
> > >
> > > There are 2 different cases we need to keep distinguishing here: I set
> > > up a website for a limited target audience each member of which I can
> > > personally provide with a certificate. Nothing will beat my self-made
> > > self-signed certificate. The other is where there can not be a personal
> > > relationship between 2 parties, hence the delegation of trust to a trust
> > > network.
> > >
> > > Coming back to CAcert, I'm afraid their website doesn't inspire me with
> > > more confidence than a cert issued by Verislime&Co(TM), their idea is
> > > good though, although the current state of affairs is not much better
> > > with using a CAcert instead of a seld-made one, AFAICT. The previously
> > > referenced Mozilla bug is donkeys years old and the CAcert CA still
> > > isn't in Mozilla.
Probably with good reason.
1) There is absolutely no indication of who they are, apart from being
a NSW registered NGO.
2) There is no indication of any real world presence.
3) CAcert's web pages didn't inspire any confidence in CAcert for me.
Their website is completely chaotic to say the least.
All that said, I applaud the ideas and ideals behind what CAcert is
trying to do. They just need to find a benefactor who can provide the
$$$ to make it all happen. Perhaps they should look to providing
certificates for a price which relates to the costs of providing the
service, rather than to the maximium that the market will bear,
instead of trying to provide a service gratis.
The main problem with certificates is that the separate functions they
provide have become totally confused in the lay web user:-
1) Privacy of transmission.
Piece of cake, now-a-days any half decent geek can provide that.
2) Certification that the web site is truly that of the organisation
it purports to be.
Much, much harder. Phishing would have never become an issue were it easy.
3) Providing a guarantee that the people running the business behind
the web site
are 'Honourable Gentlemen'.
Completely impossible.
That's my take on this Certificate Lark.
--
Sincerely etc.
Christopher Sawtell
