Re: [Evolution] SSL certificates and Man in the Middle attacks




Right then, if you are all saying that my premise ("perhaps some CAs
deliver certificates for domains that are not actually demonstrably
owned by the requester") is utterly wrong, and that the myriad of CAs we
provide by default are all trustworthy, then the system is, I guess,
trustworthy.

Just wanted to make sure :)

Trust is a personal thing.  The bundle of trusted certificates provided
with a distro/OS are those that the maintainers have decided are
trustworthy, hopefully by examining the chain of keys that those
certificates are signed with.  Only you can decide if you trust the
source of that bundle, and hence trust the certificates.  If you don't,
then remove the bundle and then add only those certificates that you
personally trust, and that come from sources that you can verify.

P.
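
The approach suggested in the reply above, sketched as an added example that is not part of the original message or of Evolution: keep only the certificates from a PEM bundle whose SHA-256 fingerprints you have verified yourself, and build a TLS client context that trusts nothing else. The function names are hypothetical and the sample certificates are constructed placeholders; it assumes the fingerprints were checked through a source you trust.

```python
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def fingerprint(pem_cert):
    """SHA-256 of the DER encoding, the value certificate viewers display."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()

def filter_bundle(bundle_pem, trusted):
    """Return (PEM text of allow-listed certs, allow-list entries not found)."""
    # Accept fingerprints written as "AB:CD:..." or as plain lowercase hex.
    wanted = {fp.replace(":", "").lower() for fp in trusted}
    kept, seen = [], set()
    for pem in PEM_RE.findall(bundle_pem):
        fp = fingerprint(pem)
        if fp in wanted and fp not in seen:
            kept.append(pem)
            seen.add(fp)
    return "\n".join(kept), wanted - seen

def context_from(pem):
    """TLS client context trusting only `pem`; the system bundle is never loaded."""
    if not pem:
        raise ValueError("empty trust store")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.load_verify_locations(cadata=pem)
    return ctx

# Constructed placeholders, not real certificates: enough to exercise the
# filter, but context_from() needs genuine CA certificates.
SAMPLE_A = ssl.DER_cert_to_PEM_cert(b"constructed root A")
SAMPLE_B = ssl.DER_cert_to_PEM_cert(b"constructed root B")
SAMPLE_BUNDLE = SAMPLE_A + SAMPLE_B

if __name__ == "__main__":
    pem, missing = filter_bundle(SAMPLE_BUNDLE, {fingerprint(SAMPLE_A)})
    print(len(PEM_RE.findall(pem)), "certificate(s) kept; not found:", missing)
```

Any fingerprint returned in the second value was not present in the bundle, which is worth checking before relying on the reduced trust store.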



