| 1 |
Hi, |
| 2 |
|
| 3 |
Everytime I'm sending out a mail with my gentoo.org-address, I get |
| 4 |
this "certificate may be unsecure" message. Gentoo mailserver (and forums, |
| 5 |
bugzilla and probably many more) use self-signed ssl-certificates. |
| 6 |
|
| 7 |
Well, I hope I don't have to tell that self-signed certs are not really good |
| 8 |
security policy. Imho, having those "pay lots of $/€"-certs also isn't a very |
| 9 |
good option, because obviously "security for the ones who pay a lot" isn't a |
| 10 |
good idea either. |
| 11 |
|
| 12 |
I think most of you know that there's CAcert, a "free" certificate authority. |
| 13 |
While it's sadly not free in a "free software" sense (their own software |
| 14 |
isn't released under a free license, though I hope that will change at some |
| 15 |
point in the future), it uses a web-of-trust-based concept for trust and |
| 16 |
issues certificates with no costs. |
| 17 |
|
| 18 |
I think compared to self-signed, having cacert-certificates would be a big |
| 19 |
improvement. Many other free software projects (and more and more other |
| 20 |
pages) use cacert, so it becomes more and more likely that people will |
| 21 |
already have the cacert-root-cert installed. |
| 22 |
|
| 23 |
-- |
| 24 |
Hanno Böck Blog: http://www.hboeck.de/ |
| 25 |
GPG: 3DBD3B20 Jabber: hanno@××××××.de |
Archives