[TriLUG] CAcert meeting -- how to prepare

Cristóbal Palmer cmp at cmpalmer.org
Mon Feb 9 17:23:16 EST 2009


On Mon, Feb 9, 2009 at 4:59 PM, Lee Fickenscher <elfick at gmail.com> wrote:
> Is it a bad idea to add CACert's root certificate to your system? I assume
> that this is what the push is for anyway, but is it safe/smart to do so now?

What would be an attack against you that would leverage your having
accepted it? Do you check who the CA is when you hit a site with https
and there is no error (eg. a new-to-you vendor with a web "shopping
cart")?

Cheers,
-- 
Cristóbal M. Palmer
"The fun thing is to try to persuade others to share your opinions
about what rules and what sucks. Nothing is more fun than evangelism."
  --Larry Wall



More information about the TriLUG mailing list