Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for December 5, 2013
Deadline scheduling: coming soon?
LWN.net Weekly Edition for November 27, 2013
ACPI for ARM?
LWN.net Weekly Edition for November 21, 2013
So many trusted authorities
Posted Feb 4, 2010 10:56 UTC (Thu) by tzafrir (subscriber, #11501)
The list is a long one, and provides practically no information about the specific CA besides its name. It can be re-run later using the standard dpkg-reconfigure.
So it's a single dialog rather than dozens of prompts. But somehow I'm not sure the UI is optimal (or even reasonable).
Posted Feb 4, 2010 16:32 UTC (Thu) by ejr (subscriber, #51652)
Posted Feb 4, 2010 21:43 UTC (Thu) by bronson (subscriber, #4806)
Posted Feb 5, 2010 1:26 UTC (Fri) by giraffedata (subscriber, #1954)
There's a lot of value in the Firefox developers screening these guys for me.
Bear in mind that the penalty for saying "no" to a CA that is actually trustworthy and legitimate (perhaps because you've never heard of it) is high: you don't get to use the web site you wanted to use.
I'm not sure any of it really matters in the big picture, though. The Chinese government can just use a self-signed certificate. In browsers I've seen, that results in a prompt to the user that, to 99% of them, is gobbledygook that boils down to "do you want to go to the web site you requested or not?"
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds