On Mar 13, 2010, at 6:13 PM, Rasmus Lerdorf wrote:

> On 03/13/2010 05:47 PM, Daniel Convissor wrote:
>> On Sat, Mar 13, 2010 at 04:28:21PM +0100, Hannes Magnusson wrote:
>>> 
>>> Just install the root cert from http://www.cacert.org
>> 
>> Someone I trust regarding security issues said the following recently 
>> about doing such:
>> 
>> I note that as of 2009-01-05 evidently CAcert began requiring not just
>> "can you get email" but any one of four other checks of identity as
>> well.  Unfortunately, it doesn't look as if they retired their old
>> root CA at that time (an issue also raised by Ubuntu).  What that
>> means is that trusting CAcert's root means trusting a lot of certs
>> out there that could trivially have been obtained under false
>> pretenses.  Very bad.
> 
> I don't see how that is all that relevant here.  Our certs are fine and
> can be trusted and provide the encryption we need.  If you don't want
> to trust other cacert-based ones don't install the root and just tell
> your browser to accept the php.net ones permanently.

Okay, this information should probably affect our FAQ. That ours can be trusted 
but we can't speak for others. I'll add something about this there.

Regards,
Philip
