Firefox certificates for Fedora sites?
Patrick Kobly
patrick at kobly.com
Mon Nov 19 17:38:10 UTC 2012
-----Original message-----
From: Blake Hudson <blake at ispn.net>
Sent: Mon 19-11-2012 09:42
Subject: Re: Firefox certificates for Fedora sites?
To: users at lists.fedoraproject.org;
> That is not how HTTPS works. HTTPS does not require an expensive
> commercial CA like Thawte. First, if Fedora/Redhat wanted, they could
> include their own CA certificate with their own distribution with no
> additional cost (other than the time creating a CA certificate and
> including it on their distribution).
And if they did so, I, for one, would cease using *any* Red Hat products in perpetuity. It would be a wholly inappropriate betrayal of their user community to sidestep Firefox's CA inclusion process (described at http://www.mozilla.org/projects/security/certs/policy/) for their own minimal benefit.
> Second, there are free or low cost
> CAs like StartSSL. I believe StartSSL benefits from Redhat, so they may
> be willing to give back to the community at no cost for some of the
> items they typically charge for.
And the StartSSL root meets the requirements for inclusion and is included in modern browsers by default.
PK
More information about the users
mailing list