[Bug 474549] Review Request: ca-cacert.org - CAcert.org CA root certificates

bugzilla at redhat.com
Fri Nov 4 05:12:34 UTC 2011


https://bugzilla.redhat.com/show_bug.cgi?id=474549

--- Comment #56 from Matt McCutchen <matt at mattmccutchen.net> 2011-11-04 01:12:29 EDT ---
(In reply to comment #55)
> Your term
> "relying" is what we call USE from CAcert's lexicon.

No, it isn't.  By "rely", I mean to proceed with a transaction with a party on
the basis of a certificate presented by the party, where I would face risk or
loss if the claims in the certificate are untrue.  This includes my browser's
decision to complete an SSL connection to a server, which can result in
transmission of confidential information to the server or lead me to act based
on information received from the server, putting me at greater risk if the
server is not one authorized by the registrant of the DNS name I requested. 
StartCom and VeriSign let me do this anonymously at my own risk if I validate
the certificate; CAcert requires me to register and agree to potential
liability of 1000 euros via its arbitration process.

"USE" as you define it is quite useless: if I am not permitted to rely on a
certificate, it is no better than self-signed.  So the CAcert RDL is
significantly farther from "free" with respect to use (lowercase) than the
StartCom and VeriSign licenses.  And we're deluding ourselves if we think
offering the CAcert root in Fedora would lead to anything but massive violation
of the prohibition on reliance.
