1 |
Hi, |
2 |
|
3 |
Everytime I'm sending out a mail with my gentoo.org-address, I get |
4 |
this "certificate may be unsecure" message. Gentoo mailserver (and forums, |
5 |
bugzilla and probably many more) use self-signed ssl-certificates. |
6 |
|
7 |
Well, I hope I don't have to tell that self-signed certs are not really good |
8 |
security policy. Imho, having those "pay lots of $/€"-certs also isn't a very |
9 |
good option, because obviously "security for the ones who pay a lot" isn't a |
10 |
good idea either. |
11 |
|
12 |
I think most of you know that there's CAcert, a "free" certificate authority. |
13 |
While it's sadly not free in a "free software" sense (their own software |
14 |
isn't released under a free license, though I hope that will change at some |
15 |
point in the future), it uses a web-of-trust-based concept for trust and |
16 |
issues certificates with no costs. |
17 |
|
18 |
I think compared to self-signed, having cacert-certificates would be a big |
19 |
improvement. Many other free software projects (and more and more other |
20 |
pages) use cacert, so it becomes more and more likely that people will |
21 |
already have the cacert-root-cert installed. |
22 |
|
23 |
-- |
24 |
Hanno Böck Blog: http://www.hboeck.de/ |
25 |
GPG: 3DBD3B20 Jabber: hanno@××××××.de |