> Right then, if you are all saying that my premise ("perhaps some CAs > deliver certificates for domains that are not actually demonstrably > owned by the requester") is utterly wrong, and that the myriad of CAs we > provide by default are all trustworthy, then the system is, I guess, > trustworthy. > > Just wanted to make sure :)
Trust is a personal thing. The bundle of trusted certificates provided with a distro/OS are those that the maintainers have decided are trustworthy, hopefully by examining the chain of keys that those certificates are signed with. Only you can decide if you trust the source of that bundle, and hence trust the certificates. If you don't, then remove the bundle and then add only those certificates that you personally trust, and that come from sources that you can verify. P. _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list