Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

Stretching trust transitiveness

As a glass of wine (personal preference, any liquid should do ;-) can be "half full" or "half empty" I'm offering you this announcement in two shades...

If you totally trust :
  • me,
  • Mono,
  • SVN (right now), tarballs or RPM[S] (later),
  • TCP/IP over the Internet,
  • LXR,
  • Mozilla (people, servers, infrastructure...)
  • everyone who Mozilla trust enough to add their root certificates in their products,
  • and probably a few others, like yourself
then, without doubts, the new mozroots tool is for you!.

A future version of the certificate manager will provide a GUI for this so people that not trusting their own typing skills can use it as well.

Open a terminal and type:

mozroots --import --sync --quiet

place your finger on the Enter, close your eyes, press the Enter key and be happy.

Hopefully everyone realize that real life tends to be between extremes. The mozroots tool is a nice addition to Mono and makes it easier to install the most common roots certificates that most people will need. Now trusting too much (either people or certificates) also have it's dangers. I suggest that you read the mozroot's man page before using it. The tool has some options, like addition/removal confirmations, that can be helpful in different situations. So use mozroots like (you should use) an hammer: find nails not fingers ;-)

While we are on the trust subject I also wrote a small article on Mono's wiki about using using trusted roots respectfully when developing .NET applications (mostly runtime independant suggestions). Comments welcomed!


10/26/2005 09:23:53 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.