-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/21/2012 07:56 AM, James Knott wrote:
Fabian Rodriguez wrote:
Please notice the typo. It looks like James used cecert.org.
No I didn't. I used https, which checks the certificate for the site.
If you can't trust their certificate, you can't trust any certificate
they provide. If I go to that site with only http, then I don't get an
error, but only because their certificate is not verified.
I realize I should have provided some more detail.
Perhaps CaCert is just not for you. If you want identity assurance,
CaCert is *definitely not for you*:
"[...]certificates are considered weak because CAcert does not emit any
information in the certificates other than the domain name or email
address (the /CommonName/ field in X.509 certificates)."
CACert's root certificate can't afford to be included in some browsers, see:
"Traditionally vendors seeking to have their root certificates included
in browsers (directly or via the underlying OS infrastructure like
Safari via OS X's Keychain) would have to seek an expensive Webtrust
<http://www.webtrust.org/> audit (~$75,000 up-front plus ~$10,000 per
year). While achievable for commercial CAs who typically charge per
certificate year, this is typically out of the reach of non-profit
organisations like CAcert. "
http://wiki.cacert.org/InclusionStatus
That's why you see the warning messages (again, read them carefully,
they are not security breaches or "hacking" proof).
Self-signed certificates have specific uses (and pros/cons), see:
http://en.wikipedia.org/wiki/Self-signed_certificates
Please read the Wikipedia article I've linked before, it has important,
summarized information if you can't read all of CACert's detailed
documentation and rules:
http://en.wikipedia.org/wiki/Cacert
It's not some trivial subject, sorry I can't elaborate forever on this.
*The bottom line is if you don't want the warnings, can't afford the
time to explain them, and have the money, pay a commercial provider and
realize you are trusting some unknown corporation (rather than yourself
and the combination of CACerts' web of trust).* If you think trusting
any corporation is better, just search for "ssl certificates stolen" and
you'll see what I mean.
Best,
Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: PGP/Mime available upon request
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/jG7AACgkQfUcTXFrypNUu8wCfRYhzVvfb5dYWANkYFYX3C6F9
tFsAmwTk267ti8WP2vHnL9h6XNhKypeY
=Wb90
-----END PGP SIGNATURE-----
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
[libreoffice-users] Re: Signing Documents with a personal Certificate · Andreas Säger
Re: [libreoffice-users] Re: Signing Documents with a personal Certificate · Tom Davies
Re: [libreoffice-users] Re: Signing Documents with a personal Certificate · Steve Edmonds
[libreoffice-users] Re: Signing Documents with a personal Certificate · Andreas Säger
Re: [libreoffice-users] Re: Signing Documents with a personal Certificate · James Knott
Re: [libreoffice-users] Re: Signing Documents with a personal Certificate · James Knott
Re: [libreoffice-users] Signing Documents with a personal Certificate · James Knott
Re: [libreoffice-users] Signing Documents with a personal Certificate · Anthony Easthope
Re: [libreoffice-users] Signing Documents with a personal Certificate · JOE CONNER
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.