I should note some Linux distributions, such as Debian and Fedora include the CAcert root certificate so having it won't be quite so bad as having just a totally self-signed certificate. Michael
On Fri, Sep 12, 2008 at 8:16 PM, Noah Slater <[EMAIL PROTECTED]> wrote: > On Fri, Sep 12, 2008 at 10:55:10PM +0200, Sylvain Beucler wrote: >> > I've put in the order for both savannah.gnu.org and savannah.nongnu.org. >> > So I hope we'll get them soon. >> >> OK, there's a plan to use CAcert.org. I'd rather do instead of wasting >> money on "trust". > > I agree that the whole SSL certificate industry is a farce, but unfortunately > there doesn't seem to be any other option for improving the user experience. > > From the Wikipedia article on CAcert: > > As of 2005, certificates issued by CAcert are not as useful in web browsers > as > certificates issued by commercial CAs such as VeriSign, because most > installed > web browsers do not distribute CAcert's root certificate. Thus, for most web > users, a certificate signed by CAcert behaves like a self-signed > certificate. There was discussion for inclusion of CAcert's root certificate > in > Mozilla and derivatives (such as Mozilla Firefox) but it was closed without > including it, at the end of April 2007. > > Given the low price of a "trusted" certificate, I would be interested to know > how it could be considered an improvement on the current state of affairs. > > Best, > > -- > Noah Slater, http://bytesexual.org/nslater > > >
