

Why the browsers must change their old SSL security (?) model - fexl
https://financialcryptography.com/mt/archives/001232.html
Cites a paper which highlights flaws and threats in the Certificate Authority model and proposes incremental improvements.
======
pyre
Chromium didn't like the site's SSL cert (presumably self-signed, the warning
page is light on the details, or I just missed a link to more detail).

~~~
wrs
It's from CACert (<http://www.cacert.org/>). In Chrome, click on the caution
symbol on the right of the address bar to see the cert info.

Since his point is that you shouldn't trust the browser to decide whether to
trust the CA, it sort of makes sense that he's on CACert...

~~~
fexl
Precisely. He did that on purpose, and I remember him saying so at the time. I
trusted CACert a long time ago so I forgot all about it. Otherwise I would
have posted the http link to avoid the fuss.

------
bensummers
When you use an extended validation certificate, I think most browsers make it
very easy to see the CA.

