[arch-general] [arch-dev-public] CAcert dropped from certificate bundle
Kyle
kyle at gmx.ca
Wed Apr 2 18:12:22 EDT 2014
I really do hope the manpower becomes available to complete the code
cleanup and other things necessary to bring CAcert into the major
browsers and back into the Arch certificate bundle. From looking at the
options, CAcert is, as far as I know, the only truly free certificate
authority available anywhere. By free, I don't just mean cost; I am
actually referring to freedom. Free software, free website, free
certificate. Or better said, freedom software, freedom website, freedom
certificate. The currency-based trust model of most certificate
authorities never should have been allowed to happen on a free and open
internet, meaning that I should be able to trust my connection to my
bank because enough people verified that my bank's certificate can be
trusted, not just because my bank paid enough money for another
corporation to deem them trustworthy. That said, there are some
technical changes required to make CAcert work better and to make it
more secure. Unfortunately, although I do hand-code most of my websites,
I wouldn't feel comfortable messing around in CAcert's code, as I really
only do basic stuff for the most part. I could certainly try my hand at
cleaning up some stuff in the wiki though. At this point, I'll probably
be keeping the CAcert certificates I have, and will tell people to
import their root certificate in order to trust my websites that need
HTTPS, especially since CAcert is the only organization I'm aware of
that will allow me to issue certificates for multiple domains running on
the same VPS with a single IP address, which apparently, StartSSL can't do.
~Kyle
http://kyle.tk/
--
"Kyle? ... She calls her cake, Kyle?"
Out of This World, season 2 episode 21 - "The Amazing Evie"
More information about the arch-general
mailing list