Re: Forced HTTPS on web site



Andrew Savchenko, 09.03.2012 15:51:
> On Fri, 09 Mar 2012 15:31:53 +0100 Alexander Kriegisch wrote:
>> Maybe it would be a good idea to either use a commercial
>> certificate or, if that is too expensive, continue using the
>> self-signed one, but only to log in and after you are logged in.
> 
> A commercial certificate is not necessary; CAcert certificates are
> acknowledged by any sane browser and may be obtained for free after 
> registration.

One more comment about this statement, because it surprised me and I
just got around to testing it today. The result is as it always was: no
browser I tested (current release versions of Chrome, FF, Opera, IE)
trusts the CAcert root certificate; every single one shows a warning.
Anything else would have been a surprise to me. Getting automatic trust
on such certificates would be a security nightmare. Even with WOT
notaries it is not much better.

