Gentoo Archives: gentoo-dev

From: "Hanno Böck" <hanno@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] SSL-Certificates and CAcert
Date: Thu, 27 Sep 2007 15:35:15
1 Hi,
3 Everytime I'm sending out a mail with my, I get
4 this "certificate may be unsecure" message. Gentoo mailserver (and forums,
5 bugzilla and probably many more) use self-signed ssl-certificates.
7 Well, I hope I don't have to tell that self-signed certs are not really good
8 security policy. Imho, having those "pay lots of $/€"-certs also isn't a very
9 good option, because obviously "security for the ones who pay a lot" isn't a
10 good idea either.
12 I think most of you know that there's CAcert, a "free" certificate authority.
13 While it's sadly not free in a "free software" sense (their own software
14 isn't released under a free license, though I hope that will change at some
15 point in the future), it uses a web-of-trust-based concept for trust and
16 issues certificates with no costs.
18 I think compared to self-signed, having cacert-certificates would be a big
19 improvement. Many other free software projects (and more and more other
20 pages) use cacert, so it becomes more and more likely that people will
21 already have the cacert-root-cert installed.
23 --
24 Hanno Böck Blog:
25 GPG: 3DBD3B20 Jabber: hanno@××××××.de


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] SSL-Certificates and CAcert "Petteri Räty" <betelgeuse@g.o>
Re: [gentoo-dev] SSL-Certificates and CAcert Andrew Gaffney <agaffney@g.o>
Re: [gentoo-dev] SSL-Certificates and CAcert "Robin H. Johnson" <robbat2@g.o>