>One problem with this scenario - the user is still essentially trusting
>YOUR server instead of the CA. By trusting your server to install the proper
>CERT you are no worse (to the user) than using a self-signed CERT (which we
>do).


Lee,

I don't see your point:

First, you mean "you are no BETTER than using a self-signed CERT" right?

Second, the user is not trusting the web server (nor the internet) to install
the new CA cert because the user downloads a signed ActiveX or signed
plug-in. So I still think the user ONLY needs to trust:

- His computer (in any case)
- His browser (this includes trusting Netscape or Microsoft and the way he
got it)
- Verisign (or another pre-installed CA)
- the new CA

Maybe you could elaborate...

Nicolas Roumiantzeff.

Note: in the meantime I popped a message from Pete Chown describing an analogous
(same?) solution on the same thread.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]