Firefox security status
Posted Jun 8, 2007 21:54 UTC (Fri) by ekj
In reply to: Firefox security status
Parent article: Firefox security status
Sure, a certificate signed by one of the CAs that say Firefox trusts by default indicates *something*. Nothing that is useful for deciding if you trust software delivered from that host though.
A Verisign-signed certificate for "foobar.org" shows that Verisign is convinced that the person who they at one time sent the certificate too is the same entity that owns foobar.org.
This helps very nearly not at all.
- It doesn't tell you what policy foobar.org has for letting people host stuff on their https-server.
- It doesn't tell you if foobar.org has been compromised and the files trojaned.
- It doesn't tell you if the developers/owners/administrators of foobar.org are dependable or not.
to post comments)