David Woolley writes: > On 20/11/13 03:34, Harlan Stenn wrote: > > > > > We use certificates generated and signed by CAcert.org . Their class 1 > > and class 3 certificates are not included by default in many places yet. > > > > You probably just need to install these certificates: > > > > https://www.cacert.org/index.php?id=3 > > Only after clearing it with your IT department. Whilst CACert may well > be less risky than some of the more obscure ones trusted by Windows, > more security conscious IT departments may well disable many of the > default Windows ones. > > > > > I thought there was a note to this effect on the website but I'm not > > finding that now. > > Telling people to reduce security without explaining the security > implications is a bad idea.
Where am I telling folks to reduce security? > Most end users will go for convenience, rather than make a proper, > informed, decision. (Every new root certificate increases the number > of sites you trust and therefore reduces your security.) Getting a certificate from an entity that alraedy has them in the browsers costs money. There was one place that didn't charge, and there were some other issues (that I don't recall offhand) that prevented us from converting to them. If this is a significant deal to enough folks, they can always donate $ to NTF and we can pay for these other certs. -- Harlan Stenn <[email protected]> http://networktimefoundation.org - be a member! _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
