On 5/28/2014 7:13 PM, Andrew Sutherland wrote:
> My imagined rationale for why someone would use a self-signed
> certificate amounts to laziness. (We've been unable to determine what
> the rationale is for using invalid certificates in these cases as of
> yet.) For example, they install dovecot on Debian/Ubuntu, it
> generates a self-signed certificate, they're fine with that. Or they
> created a self-signed certificate years ago before they were free and
> don't want to update them now. Under this model, it's very unlikely
> that there's a server farm of servers each using different self-signed
> certificates, which would be the case where we want multiple
> certificates. (Such a multi-exception scenario would also not work
> with my proposed trusted server thing.)

Two more possible rationales:

1. The administrator is unwilling to pay for an SSL certificate and
   unaware of low-cost or free SSL certificate providers.
2. The administrator has philosophical beliefs about CAs, or the CA
   trust model in general, and is unwilling to participate in it.

Neglecting the fact that encouraging click-through behavior of users can
only weaken the trust model.

[ Discovered in the course of reading a few CACert root certificate
request bugs. ]

[ Secondary note: most of my thoughts on X.509 certificates are geared
towards its relation to S/MIME, which shares similar but not quite
identical concerns. ]

--
Joshua Cranmer
Thunderbird and DXR developer
Source code archæologist