Web of Trust (a revolution)
Craig White
craigwhite at azapple.com
Mon Mar 30 16:18:45 UTC 2009
On Tue, 2009-03-31 at 02:22 +1030, Tim wrote:
> On Mon, 2009-03-30 at 08:24 -0700, Craig White wrote:
> > http://www.openca.org/
>
> Though that leaves you with a few problems:
>
> Few clients recognise them as an authority. If they want to use them,
> users have to figure out how to add their root certificate (if they
> can). And that's not just *you*, but the person you want to converse
> with.
>
> And even then, that leaves ordinary users with not so trustworthy
> trusting (certificates issued without much vetting, and there's users
> who have no way to prove who they really are to get a really good
> certificate), and users just unthinkingly okaying not so trustable
> certificates.
----
I agree that you are discussing the present day practical limitations
but the concept of an open certificate authority would seem to defeat
most, if not all of the problems of a corporate certificate authority
such as Verisign or Thawte, etc. It would seem that those who harbor
those concerns should join openca.org, help it reach critical mass, help
it get root certificates installed in browsers by default, etc.
Craig
More information about the users
mailing list