Re: Using libcurl/SSL with in-core certificate - solved
Date: Thu, 1 Sep 2005 15:39:04 +0200 (CEST)
On Thu, 1 Sep 2005, theo borm wrote:
> 1) licensing of the certificates:
> 1) Can be resolved relatively easily and quickly: Just ask the root
> certificate owners
I don't think obtaining the CA certs is the hard part, no.
> 2) Maintaining the chain of trust.
Here it starts getting complicated..
> 2) Is a bit more problematic, and requires a fundamental choise: Do you
> decide yourself whom to trust as a CA, or will you add any CA that wants to
> be added to your list.
I know for sure *I* cannot decide whom to trust, since I have no idea who
these companies are or if they are trustworthy. Also, the minute I start
accepting new CA certs I will get users suggesting what certs to add that they
claim are trustworthy and so on.
I could possibly ask around to see if there are users who have arguments for
or against specific companies, but that would be very random and inefficient.
> So what are we talking about - basically the forces of politics and lots of
> money at work. I symphatize with you for not wanting to become tied up too
> much in these areas.
I wouldn't mind being one member in a CA cert *team*, sorting these things
out, but I certainly have no intentions of heading such a task or team. For
the reasons you so clearly describe.
> If you want 1) to be sorted out I will gladly volunteer to send a polite
> email to the CA's listed in popular browsers and see what response I get. As
> to the second issue: my opinion (users should inform themselve) is not very
If you by this mean CA certs that other browsers have but we don't provide in
our CA bundle, then I am indeed interested in getting this help.
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2005-09-01