[ntp:questions] Is there something with greater detail on "interface" besides the manpage?

John Hasler jhasler at newsguy.com
Thu Nov 21 13:38:23 UTC 2013


David Woolley writes:
> Actually I would expect the name on their root certificates, the
> generic "Root CA" to send warning bells to anyone who was security
> conscious, but not already familiar with them.

Anyone who is really serious about security will accept certificates
only in person, by hand directly from site operators whom they have
thoroughly investigated.  But of no one is.

The present Web certificate system is badly broken.  It's about as
secure as a locked convertible with the top down.  It should never be
relied upon for anything nontrivial.  For that purpose CAcert is as good
as anything else and better than most.
-- 
John Hasler 
jhasler at newsguy.com
Dancing Horse Hill
Elmwood, WI USA



More information about the questions mailing list