On Thursday February 21, 2002 11:44, Andreas Pour wrote:
> Just to clarify on this point a bit.  The issue is one of legal
> authority.  As you know, certificate issuers have procedures in place to
> verify that (i) the organization seeking the certificate is legitimate
> (easy in this case); (ii) that the organization has authorized the root
> certificate; and (iii) that the person submitting the root certificate
> is authorized to do so.  Probably there is something else I'm missing,
> but those are the essential issues.
>
> With respect to a root certificate the issue is far more serious.  There
> is no way for us to know you are who you claim to be, or, even if so,
> that you are authorized to provide your institution's root certificate.
> Verifying this entails certain legal procedures that we are ill-equipped
> to handle on our own.  It's not that they would be overly complicated,
> but you can see the problem if, say, some cracker posing as an official
> convinced us to include a root certificate in the browser.

Do the ones already included in KDE meet this standard?  Be consistent. 
It's the only way to be fair.

-- 
Neil Stevens
neil@qualityassistant.com

Don't think of a bug as a problem.  Think of it as a call to action.