-slightly off topic mail alert-

> Remember there are other software browsers, but I would guess most of them
> just copy the list that Netscape uses rather than going through some
> verification process to select rootCAs for the software.

I think that would depend on the commercial value of being in the root
CA repository of a browser.  Anyway, the real thing that becomes clear
is that the only reason the to-be-trusted CAs come with Netscape/IE is
because they pay money.  No easily found selection process they need to
go through.

The big question: why trust <fill in your favourite commercial
certificate provider here (entrust, baltimore, thawte, verisign, or one
of their mergers)>?

primary answer: because they paid a lot of money to be in that
preconfigured store

now, that is not a good basis for trust.  And there we come on topic
again: deploying your CA is fine, but how do you get the users to trust
your CA certificate in a sensible way?  Oh well, lots of strategies and
implementations for that ;).

Jan

_________________________________________________________________
OpenCA - Users Support Mailing List       [EMAIL PROTECTED]