Re: [Savannah-hackers-public] SSL certificates

[Sylvain Beucler]

It's up.

As you could see I created a "shared" account for the Savannah
Hackers, if you want the password, mail me so I can send it securely.

-- 
Sylvain

On Sat, Sep 13, 2008 at 01:28:32AM -0400, Michael Casadevall wrote:
> I should note some Linux distributions, such as Debian and Fedora
> include the CAcert root certificate so having it won't be quite so bad
> as having just a totally self-signed certificate.
> Michael
> 
> On Fri, Sep 12, 2008 at 8:16 PM, Noah Slater <address@hidden> wrote:
> > On Fri, Sep 12, 2008 at 10:55:10PM +0200, Sylvain Beucler wrote:
> >> > I've put in the order for both savannah.gnu.org and savannah.nongnu.org.
> >> > So I hope we'll get them soon.
> >>
> >> OK, there's a plan to use CAcert.org. I'd rather do instead of wasting
> >> money on "trust".
> >
> > I agree that the whole SSL certificate industry is a farce, but 
> > unfortunately
> > there doesn't seem to be any other option for improving the user experience.
> >
> > From the Wikipedia article on CAcert:
> >
> >  As of 2005, certificates issued by CAcert are not as useful in web 
> > browsers as
> >  certificates issued by commercial CAs such as VeriSign, because most 
> > installed
> >  web browsers do not distribute CAcert's root certificate. Thus, for most 
> > web
> >  users, a certificate signed by CAcert behaves like a self-signed
> >  certificate. There was discussion for inclusion of CAcert's root 
> > certificate in
> >  Mozilla and derivatives (such as Mozilla Firefox) but it was closed without
> >  including it, at the end of April 2007.
> >
> > Given the low price of a "trusted" certificate, I would be interested to 
> > know
> > how it could be considered an improvement on the current state of affairs.
> >
> > Best,
> >
> > --
> > Noah Slater, http://bytesexual.org/nslater
> >
> >
> >
>