[Bug 474549] Review Request: ca-cacert.org - CAcert.org CA root certificates

Wed Nov 2 09:12:10 UTC 2011

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=474549

--- Comment #48 from Philipp Dunkel <p.dunkel at cacert.org> 2011-11-02 05:12:05 EDT ---
(In reply to comment #46)
> (In reply to comment #45)
> > (In reply to comment #44)
> > > (In reply to comment #43)
> > > > All CAs typically do not give
> > > > permission to rely, unless you enter into a Relying Party Agreement.  (Google
> > > > knows...)
> > > 
> > > Wrong.
> > 
> > Backspace... Your statement is true, but the point is that StartCom and
> > VeriSign (as two examples) offer general RPAs that permit unrelated parties to
> > rely under certain conditions, while CAcert does not.
> 
> Well actually CAcert does the same thing. If you want to rely on a StarCom or
> Verisign Cert you need to enter into their separate Relying Party Agreement. If
> you want to rely on a CAcert Certificate you have to enter into the CCA
> http://www.cacert.org/policy/CAcertCommunityAgreement.php
> 
> So where is the difference?

The difference is that CAcert makes it explicit that you are entering an
agreement.

Verisign sais:

1. Term of Agreement. This Agreement becomes effective when you submit a query
to search for a VeriSign Certificate, or rely on any VeriSign Information in
the manner set forth in the preamble above. This Agreement shall be applicable
for as long as you use and/or rely on such VeriSign Information. 

So just by navigating to a site with you browser that uses a cert from Verisign
and having your browser do what it was designed to do you enter an agreement
with them?  Talk about fine print!

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.