[Gpg4win-users-en] Initial install questions or how many red flags will we raise?
Dewayne Geraghty
dewayne.geraghty at heuristicsystems.com.au
Fri Jun 29 01:14:04 CEST 2012
> 2. Where are they talking to? Why?
>
> When I logged into the forum for a general discussion on the
> questions above, Firefox browser immediately complains that
> the website is an untrusted website, and gives information
> that the security certificate is untrusted and that it cannot
> guarantee the authenticity of the website. It makes an
> effort to block access to the site.
Firefox complains about the certificate because it's a self-signed
certificate. A self-signed certificate can be created by anybody. A lot
of open-source websites use a certificate and these provide some assurance
that their site is managed by them, particularly relevant when you make
subsequent visits. You have to make the decision to trust the certificate;
which is really what the warning is about. The warning could be better
worded but for naïve users it's meant to deter them unless they know what's
going on. If you "out-task" the decision-making responsibility and accept
ALL certificates (& authorities) that Mozilla or Microsoft have on their
lists, then that is your call. (And there is a significant cost to the
cert. authority to be enrolled on MS list, I haven't looked into Mozilla.)
I prefer the freedom and independence to make my own determination. I have
no reason to trust certificates from companies in countries that do not
have the same legal protection from the ones that I accept (usually US, UK,
Singapore etc).
If you're pulling software from a site and running it on your equipment,
then you already trust the site. Accepting their certificate only means
that you're storing a token that: a) verifies that the URL in the
certificate matches the URL that you intend to connect; and b) that the two
machines can transmit information over a secure link, if required.
Regards, Dewayne.
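
The point about subsequent visits is the trust-on-first-use model: once a self-signed certificate has been accepted, later connections can be compared against it. The following Python code is an added example, not part of the original message; the names `fetch_der`, `check_pin` and `forum.example` are hypothetical, and the certificates in the demo are constructed byte strings.

```python
import hashlib
import hmac
import socket
import ssl


def fetch_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate as DER bytes without CA validation.

    CA validation is off on purpose: a self-signed certificate never chains to
    a trusted root, so the pin comparison below is the only check applied.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 over the DER encoding, the value browsers show as the fingerprint."""
    return hashlib.sha256(der).hexdigest()


def check_pin(pins, host, der):
    """Compare a presented certificate with the one accepted earlier for host.

    pins maps host -> fingerprint and is updated only on first use.
    Returns 'first-use', 'match' or 'changed'.
    """
    seen = fingerprint(der)
    stored = pins.get(host)
    if stored is None:
        pins[host] = seen          # the user's one-time trust decision
        return "first-use"
    if hmac.compare_digest(stored, seen):
        return "match"
    return "changed"               # do not overwrite: needs a fresh decision


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; any byte string hashes the same way.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    pins = {}
    for der in (cert_a, cert_a, cert_b):
        print(check_pin(pins, "forum.example", der))
```

Against a live host, `check_pin(pins, host, fetch_der(host))` performs the same comparison on the certificate the server actually presents.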