LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

CAcert vs. commercial CAs

CAcert vs. commercial CAs

Posted Dec 30, 2008 12:29 UTC (Tue) by angdraug (subscriber, #7487)
Parent article: SSL man-in-the-middle attacks

I think most important observation in this story is that CAcert.org, the free CA which Mozilla refuses to support in their browsers, implements a better vetting process than many of those commercial CAs supported by Mozilla since days of yore.

Not that I'm surprised with the commercial CAs (I strongly suspect that Comodo wouldn't be the only one with a flakey process): their primary purpose is making money, so the choice between charging you for another certificate and turning you down by the means of a strong vetting process is really a no-brainer. What doesn't stop to amaze me is that Mozilla, supposedly free and security-conscious project, continually refuses to support a fellow free security-focused project. Kind of proves my theory that money is bad for free software.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds