Slashdot Mirror


What Would It Take To Have Open CA Authorities?

trainman writes "With the release of Firefox 3, those who have been using self-signed certificates for SSL now face a huge issue — the big, scary warning FF3 issues which is very unintuitive for non-technical users. It seems Firefox is pushing more websites into the monopolistic arms of companies such as Verisign. For smaller, especially non-profit groups, which will never have issues with domain typo scammers, this adds an extra and difficult-to-swallow cost. Does a service such as this need the same level of scrutiny and cost since all that is being done is verifying domain and certificate match? This extra hand holding adds a tremendous cost and allows monopolistic companies such as Verisign to thrive. Can organizations such as Mozilla not move towards a model that helps break this monopoly, helping establish a CA root authority that's cheap (free?) and only links the certificate to the domain, not actual verification of who owns the domain?"

3 of 529 comments

  1. Re: Counter to "Recommend Firefox" by TaoPhoenix · · Score: 0, Flamebait

    Anyone know the IE status on this? Did they buy themselves out of a warning, or some such? It's totally down Microsoft's alley to trick Firefox into screaming "LittleGuy.com suxxors t3rr0rIsts" while IE cruises along, users shrug and say "uhh... well, works for me when I use MS..."

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  2. Re:CACert by smilindog2000 · · Score: 0, Flamebait

    Wow... what great security. I just certified myself to be "Lord God" at cacert.org. Maybe I'm missing something, but isn't this supposed to add some level of trust?

    --
    Beer is proof that God loves us, and wants us to be happy.
  3. Re:CACert by Lord+Ender · · Score: -1, Flamebait

    Hahahahahah...

    You really don't know what you are talking about, do you?

    It doesn't matter how they transferred your certificate to you. Your certificate is a PUBLIC KEY. They could have displayed it in base64 on a billboard in Times Square and you would be no less secure.

    SSL certs from Verisign, etc. prove that some level of attempt has been made to make sure you are who you say you are, and that there is some sort of money trail leading to you.

    You don't get that with freebie CAs.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.