Discuss mailing list

[Jamyn Shanley <jshanley AT gmail.com>]

On Wed, May 30, 2012 at 5:52 PM, Julian DeMarchi
<julian AT jdcomputers.com.au> wrote:
> cacert _is_ getting their CA into browsers very soon, unlike Open

Define "very soon"? My understanding is that they are a long way off
from acceptance in Firefox and other browsers, possibly years.

> It _is_ perfectly acceptable for a registra to use a cacert.

So you are formally saying that SSL warnings in most modern browsers
is acceptable policy for an OpenNIC registrar?

> I run a few OSS sites which all use cacerts.

These are registrar/tld sites, not just "any" site. I would think the
goal is to garner trust with the user and reassure them that things
are all working normally, that there are no errors or problems with
the network, etc. I'm not even trying to debate whether or not "paid"
SSL certificates are a ripoff. Sure they are. We all know that. But
the question is whether or not OpenNIC is fine with their core
infrastructure generating errors to the average user. Based on that
response, the answer is yes?