Right then, if you are all saying that my premise (perhaps some CAs
deliver certificates for domains that are not actually demonstrably
owned by the requester) is utterly wrong, and that the myriad of CAs we
provide by default are all trustworthy, then the system is, I guess,
trustworthy.
Just
However, I've been told that the Certificate Authorities system is
fundamentally flawed, in the sense that CAs don't communicate with each
other, any of them can sign for any domain name, and I've been told some
CAs are quite untrustworthy. This is a scary prospect.
Are you saying that a
On Sunday, 09 September 2012 at 22:40 -0400, Jeff Fortin wrote:
Hi there,
As far as I can tell, Evolution uses a default set of SSL certificate
authorities.
[...]
Will the user get (I hope) a big scary SOMETHING IS VERY WRONG warning
like SSH does when server fingerprints don't match?
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote:
As users (mostly) ignore security warnings[1], it should be useless,
IMHO.
Nice, didn't know that paper. I normally point to
http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf page 5 as
another quick explanation of the effect of such
On Mon, 2012-09-10 at 10:26 +0200, Bastien Durel wrote:
On Sunday, 09 September 2012 at 22:40 -0400, Jeff Fortin wrote:
As users (mostly) ignore security warnings[1], it should be useless,
IMHO.
SSH does not target the same users as browsers or mail readers, so users
are more likely to
Hi there,
As far as I can tell, Evolution uses a default set of SSL certificate
authorities.
However, I've been told that the Certificate Authorities system is
fundamentally flawed, in the sense that CAs don't communicate with each
other, any of them can sign for any domain name, and I've been