P.N. wrote: >I wonder, why cacert (http://www.cacert.org/) isn't installed >as a certificates issuer - any problems with it? >Can I trust it, or shouldn't I for some reason?
Starting last Summer, there has been quite a dust-up over the way Gecko handles certs. http://google.com/search?q=cache:8lx1VCVm4jwJ:slashdot.org/article.pl?sid=08/08/04/0058217+*-website-*-using-*-self-signed-*.*.*.*.*-*.*-*.*+*-*-bundle-*-*-*-*-*+migrate-away-*-*.*-*+hey-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*+*-pretending+*-*-little-sense+not-just-*-paying-customers+*-*-*-*-*-*-*.*.*.*.*.*-*.and-no-certificate+*-click-four-times-*-*-*-*-*-*-*-*+*-*-almost-useless-*-*-*-*+inc+inc+inc+looks.MORE.scary.and.LESS.secure#24465811 The Mozilla Foundation has caught Hell for it. Mostly it's a lot of scaremongering on the part of the Gecko guys. A number of the **pre-approved** CAs are steaming piles of fraud. The certificates from many of those (which you accept by default)... http://google.com/search?q=cache:sUyg-LAHMs4J:ask.slashdot.org/article.pl?sid=08/07/18/1721234+authorized+Mozilla+Thats-more-*-*-*+*-*-*-*-*-*-throwaway-address+*-*-*-scammer-*-*-*-*+no.difference+verification+supposed+hypothetical+exploited+*-difference-*-*-key-*-*-*+free+*-*-*-*-*-audited-*-*-*-*-*-*-*-*-*-*-*+*-nothing+Verisign+rss+actual+gentle+validated-to-your-*-identity+loose+accountability+StartSSL+CACert#24246653 (different spot on the same page) http://google.com/search?q=cache:sUyg-LAHMs4J:ask.slashdot.org/article.pl?sid=08/07/18/1721234+authorized+Mozilla+Thats-more-*-*-*+*-*-*-*-*-*-throwaway-address+*-*-*-scammer-*-*-*-*+no.difference+verification+supposed+hypothetical+exploited+*-difference-*-*-key-*-*-*+free+*-*-*-*-*-audited-*-*-*-*-*-*-*-*-*-*-*+*-nothing+Verisign+rss+actual+gentle+validated-to-your-*-identity+loose+accountability+StartSSL+CACert#24247037 ...are actually WORSE than the ones from CACert. (another spot on that page) http://google.com/search?q=cache:sUyg-LAHMs4J:ask.slashdot.org/article.pl?sid=08/07/18/1721234+authorized+Mozilla+Thats-more-*-*-*+*-*-*-*-*-*-throwaway-address+*-*-*-scammer-*-*-*-*+no.difference+verification+supposed+hypothetical+exploited+*-difference-*-*-key-*-*-*+free+*-*-*-*-*-audited-*-*-*-*-*-*-*-*-*-*-*+*-nothing+Verisign+rss+actual+gentle+validated-to-your-*-identity+loose+accountability+StartSSL+CACert#24247167 ...and as has been mentioned, CACert is on the cusp of being included by default. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey