[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Root Certificate integration of DFN-PCA
From:       Michael Matz <matz () kde ! org>
Date:       2002-02-21 19:29:17
[Download RAW message or body]

Hi,

On Thu, 21 Feb 2002, George Staikos wrote:

> You are the second person to ask about this.  Last year an
> organization in Poland also requested for us to import their root
> certificate.  We had a very long discussion about this

Oh I missed that probably.  Or I can't remeber anymore ;)

> and did not accept their request due to legal issues.  Basically we
> have no way to defend ourself if someone asks us to import their
> certificate and a konqueror user gets scammed from this.  Right now we
> just import the Netscape certificate database entries into our own
> database.

This is a very questionable argument.  For what reason exactly would we
accept netscape's certificate DB, but not DFN's?  I for one would trust
DFN certainly more than netscape if I really had to choose.  Also the
argument about self-defense seems strange.  Who exactly can't defend (in a
legal sense) himself if any user is scammed?  *.kde.org?  KDE e.V.?
George Staikos?  As noone gave any guarantee there actually is no need for
any defense (we aren't acting willingly against our better knowledge.
Nothing more could be demanded.)

> I really feel bad for this and I wish there was a method we could use
> to protect ourselves and be able to import other root certificates
> each release.  Do you have any suggestions along these lines?  [Does
> anyone else on the list have any suggestions now?]

Well, import root certificates from organizations which ask and whom you
trust enough.  The latter can be substituted with "enough people you trust
trust that organization".  For this special case I guess you can find
enough people trusting DFN (basically all germans who know what DFN is).


Ciao,
Michael.


[prev in list] [next in list] [prev in thread] [next in thread]