[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Root Certificate integration of DFN-PCA
From: Michael Matz <matz () kde ! org>
Date: 2002-02-21 19:29:17
[Download RAW message or body]
Hi,
On Thu, 21 Feb 2002, George Staikos wrote:
> You are the second person to ask about this. Last year an
> organization in Poland also requested for us to import their root
> certificate. We had a very long discussion about this
Oh I missed that probably. Or I can't remeber anymore ;)
> and did not accept their request due to legal issues. Basically we
> have no way to defend ourself if someone asks us to import their
> certificate and a konqueror user gets scammed from this. Right now we
> just import the Netscape certificate database entries into our own
> database.
This is a very questionable argument. For what reason exactly would we
accept netscape's certificate DB, but not DFN's? I for one would trust
DFN certainly more than netscape if I really had to choose. Also the
argument about self-defense seems strange. Who exactly can't defend (in a
legal sense) himself if any user is scammed? *.kde.org? KDE e.V.?
George Staikos? As noone gave any guarantee there actually is no need for
any defense (we aren't acting willingly against our better knowledge.
Nothing more could be demanded.)
> I really feel bad for this and I wish there was a method we could use
> to protect ourselves and be able to import other root certificates
> each release. Do you have any suggestions along these lines? [Does
> anyone else on the list have any suggestions now?]
Well, import root certificates from organizations which ask and whom you
trust enough. The latter can be substituted with "enough people you trust
trust that organization". For this special case I guess you can find
enough people trusting DFN (basically all germans who know what DFN is).
Ciao,
Michael.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic