New SSL certificate
staikos at kde.org
Wed Feb 12 16:38:57 GMT 2003
Hi Helio, all

Just a note about SSL certificate policy. I thank Helio and Conectiva for
helping maintain the database. We need people to help with this or our
database will eventually grow stale. There were a few glitches in this check
in but I fixed them up quickly - no big deal. However we have put an ACL on
this directory now because we have to be -very- careful that we don't ship
something broken here.

Furthermore, if you want to add a certificate, you must do as Conectiva
did, and investigate thoroughly. In this case, it looks ok to me as we have
personal verification, and it is a government issued certificate. While I
don't personally know that the person who generated it is authorised by the
government to issue certificates as such, I am inclined to trust Helio and
Andreas Hasenack on this matter. (see

One thing that is now required formally, and I should have done long ago, is
to provide details and a request on kde-core-devel and to the kssl maintainer
(currently me) about new certificates. This way we can have at least a
semi-formal, open procedure for adding certificates. This is the second time
we have added one to the database other than what is in Netscape's database.
The first time, we actually waited until the CA's key was added to other
commercial browsers before we joined in.

If you want to know why we don't add certificates that aren't available
elsewhere, well, I don't have the time nor the money to thoroughly
investigate a new CA, and I don't think too many CAs will be covering that
bill for KDE. (Yet, anyways - here's to hoping for the future.)

So for now, if you really must have a CA root file in the database, please
contact us and we will discuss. Please do not be too disappointed if we take
a very long time to add the file though.