[CREATE] SwatchBooker 0.6

Jon Cruz jon at joncruz.org
Mon Mar 1 00:58:04 PST 2010


On Feb 28, 2010, at 11:56 PM, a.l.e wrote:

> 
> it doesn't look like an invalid certificate to me... isn't it a self-signed one? or more probably one issued by an entity which does not have its root certificate included per default in your browser?
> 
> i guess that if you're using linux or any bsd (as you always should :-) you should have an option to install the community based root certificates through your package management system. then everything will be ok!

Well, there are a few problems.

One is that installing any root cert exposes high risk. And then this particular one is known to have problems.

So, yes, one *could* set things to accept it... but then that circumvents most of the security that is normally gained from SSL.

But a *VERY* important aspect is that for distribution of software one should not require the average end user to turn off their security. Nowadays that is much more important.

And it appears that as a *root* cert for a browser, this particular one has some big issues. For peer-to-peer, email, etc., things may not be such a problem, but for a browser root cert this is a very high-risk item. Auditing issues, withdrawal from Mozilla consideration, etc., all come into play. Again, for a personal chain of trust things might work well, but a browser is too all-or-nothing when it comes to root certs.
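An added illustration of the "personal chain of trust" versus "browser root cert" distinction above (example script, not part of the original message): a constructed throwaway CA and leaf are verified once against the system store and once with the CA supplied only as an explicit anchor for that single check, so trust in it is confined to the invocation and nothing is added to any browser's root list. Assumes the openssl CLI is installed; all certificates are generated on the spot.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is present.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Constructed private CA standing in for the non-default root under discussion.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -subj "/CN=Example Private Root" -days 1 >/dev/null 2>&1

# Constructed leaf certificate for a download host, signed by that CA.
openssl req -newkey rsa:2048 -nodes -keyout host.key -out host.csr \
  -subj "/CN=downloads.example" >/dev/null 2>&1
openssl x509 -req -in host.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
  -out host.pem -days 1 >/dev/null 2>&1

# System-wide trust only: the private CA is not a system root, so the leaf
# is rejected, which is exactly the browser warning the thread started from.
verify_with_system_store() {
  if openssl verify host.pem >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Scoped trust: the CA is passed as the sole anchor for this one verification.
# -no-CApath/-no-CAfile exclude the system store, so nothing outside this
# check (no browser, no other tool) starts trusting that CA.
verify_with_scoped_anchor() {
  if openssl verify -no-CApath -no-CAfile -CAfile ca.pem host.pem >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

echo "system store: $(verify_with_system_store)"   # untrusted
echo "scoped anchor: $(verify_with_scoped_anchor)" # trusted
```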

