From kde-core-devel Thu Feb 21 19:50:19 2002 From: Neil Stevens Date: Thu, 21 Feb 2002 19:50:19 +0000 To: kde-core-devel Subject: Re: Root Certificate integration of DFN-PCA X-MARC-Message: https://marc.info/?l=kde-core-devel&m=101432110625627 On Thursday February 21, 2002 11:44, Andreas Pour wrote: > Just to clarify on this point a bit. The issue is one of legal > authority. As you know, certificate issuers have procedures in place to > verify that (i) the organization seeking the certificate is legitimate > (easy in this case); (ii) that the organization has authorized the root > certificate; and (iii) that the person submitting the root certificate > is authorized to do so. Probably there is something else I'm missing, > but those are the essential issues. > > With respect to a root certificate the issue is far more serious. There > is no way for us to know you are who you claim to be, or, even if so, > that you are authorized to provide your institution's root certificate. > Verifying this entails certain legal procedures that we are ill-equipped > to handle on our own. It's not that they would be overly complicated, > but you can see the problem if, say, some cracker posing as an official > convinced us to include a root certificate in the browser. Do the ones already included in KDE meet this standard? Be consistent. It's the only way to be fair. -- Neil Stevens neil@qualityassistant.com Don't think of a bug as a problem. Think of it as a call to action.