New SSL certificate

George Staikos staikos at kde.org
Wed Feb 12 16:38:57 GMT 2003


Hi Helio, all

   Just a note about SSL certificate policy.  I thank Helio and connectiva for 
helping maintain the database.  We need people to help with this or our 
database will eventually grow stale. There were a few glitches in this check 
in but I fixed them up quickly - no big deal.  However we have put an ACL on 
this directory now because we have to be -very- careful that we don't ship 
something broken here.

   Furthermore, if you want to add a certificate, you must do as connectiva 
did, and investigate thoroughly.  In this case, it looks ok to me as we have 
personal verification, and it is a government issued certificate.  While I 
don't personally know that the person who generated it is authorised by the 
government to issue certificates as such, I am inclined to trust Helio and 
Andreas Hasenack on this matter.  (see 
http://www.icpbrasil.gov.br/certificadoACRaiz.crt)

  One thing that is now required formally, and I should have done long ago, is 
to provide details and a request on kde-core-devel and to the kssl maintainer 
(currently me) about new certificates.  This way we can have at least a 
semi-formal, open procedure for adding certificates.  This is the second time 
we have added one to the database other than what is in Netscape's database.  
The first time, we actually waited until the CA's key was added to other 
commercial browsers before we joined in.

  If you want to know why we don't add certificates that aren't available 
elsewhere, well, I don't have the time nor the money to thoroughly 
investigate a new CA, and I don't think too many CAs will be covering that 
bill for KDE.  (Yet, anyways - here's to hoping for the future.)

  So for now, if you really must have a CA root file in the database, please 
contact us and we will discuss.  Please do not be too disappointed if we take 
a very long time to add the file though.

-- 

George Staikos





More information about the kde-core-devel mailing list