> Right then, if you are all saying that my premise ("perhaps some CAs
> deliver certificates for domains that are not actually demonstrably
> owned by the requester") is utterly wrong, and that the myriad of CAs we
> provide by default are all trustworthy, then the system is, I guess,
> trustworthy.
>
> Just wanted to make sure :)
Trust is a personal thing. The bundle of trusted certificates provided
with a distro/OS are those that the maintainers have decided are
trustworthy, hopefully by examining the chain of keys that those
certificates are signed with. Only you can decide if you trust the
source of that bundle, and hence trust the certificates. If you don't,
then remove the bundle and then add only those certificates that you
personally trust, and that come from sources that you can verify.
P.
_______________________________________________
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
