[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Root Certificate integration of DFN-PCA
From:       Michael Matz <matz () kde ! org>
Date:       2002-02-22 0:41:41
[Download RAW message or body]

Hi,

On Thu, 21 Feb 2002, George Staikos wrote:

> > not really :-) You can import any signer into netscapes cert7.db without
> > interference of lawyers, simply via the browser interface, no difference to
> > KDE. The instructions on how to do so are on display at the DFN-PCAs
> > handbook to OpenSSL, which is very complete and has been a great help for
> > me in the past.
>
>    You can do that with konqueror too.  But we aren't shipping it in there
> already.  Otherwise I think it would be nice for me to create my own CA and
> put it in there too, right?

This would go against reasonability.  Btw. now I must ask for the actual
behaviour: for konqui is the goodness of a certain certificate only
dependend on the actual presence of a cert chain up to a root cert, or
does it also depend on _which_ root cert it got (i.e. on which tree in the
trust semiforest it hangs).  I would prefer the latter, and if that's so,
then I actually have nothing against you creating your own CA and
including it.  Nobody besides you is going to use it to sign/cert
anything, so if I set it to "untrusted" no harm would be done, and
probably no interesting content would be filtered.


Ciao,
Michael.

[prev in list] [next in list] [prev in thread] [next in thread]