#20254: Inclusion of CAcert certificates into the ca-certificates package
------------------------+------------------------
Reporter: Borromini | Owner: developers
Type: defect | Status: new
Priority: normal | Milestone:
Component: packages | Version:
Resolution: | Keywords:
------------------------+------------------------
Comment (by anonymous):
i'd vote against this, at least until either (1) or (2) is resolved:
1. the Mozilla root cert store does not include this CA
2. the Microsoft root cert store does not include this CA
3. CAcert is not audited yet by an auditor that would meet the
requirements of Mozilla and/or Microsoft
http://wiki.cacert.org/InclusionStatus
https://bugzilla.mozilla.org/show_bug.cgi?id=215243
https://wiki.mozilla.org/CA:BaselineRequirements
and most importantly of all
4. those ROOT certificates are served over an unencrypted, untrusted
connection. Even when trying to switch to https for access, their server
is insecure.
This Connection is Untrusted
You have asked Firefox to connect securely to www.cacert.org, but we can't
confirm that your connection is secure.
www.cacert.org uses an invalid security certificate. The certificate is
not trusted because it was signed using a signature algorithm that was
disabled because that algorithm is not secure. (Error code:
sec_error_cert_signature_algorithm_disabled)
5.
https://www.ssllabs.com/ssltest/analyze.html?d=cacert.org
--
Ticket URL: <https://dev.openwrt.org/ticket/20254#comment:1>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
