From kde-core-devel Thu Feb 21 19:29:17 2002
From: Michael Matz
Date: Thu, 21 Feb 2002 19:29:17 +0000
To: kde-core-devel
Subject: Re: Root Certificate integration of DFN-PCA
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=101432002321774

Hi,

On Thu, 21 Feb 2002, George Staikos wrote:

> You are the second person to ask about this. Last year an
> organization in Poland also requested for us to import their root
> certificate. We had a very long discussion about this

Oh I missed that probably. Or I can't remember anymore ;)

> and did not accept their request due to legal issues. Basically we
> have no way to defend ourselves if someone asks us to import their
> certificate and a konqueror user gets scammed from this. Right now we
> just import the Netscape certificate database entries into our own
> database.

This is a very questionable argument. For what reason exactly would we
accept Netscape's certificate DB, but not DFN's? I for one would trust
DFN certainly more than Netscape if I really had to choose.

Also the argument about self-defense seems strange. Who exactly can't
defend (in a legal sense) himself if any user is scammed? *.kde.org?
KDE e.V.? George Staikos? As no one gave any guarantee, there actually
is no need for any defense (we aren't acting willingly against our
better knowledge. Nothing more could be demanded.)

> I really feel bad for this and I wish there was a method we could use
> to protect ourselves and be able to import other root certificates
> each release. Do you have any suggestions along these lines? [Does
> anyone else on the list have any suggestions now?]

Well, import root certificates from organizations which ask and whom
you trust enough. The latter can be substituted with "enough people you
trust trust that organization". For this special case I guess you can
find enough people trusting DFN (basically all Germans who know what
DFN is).

Ciao,
Michael.