Loomio
Mon 5 Aug 2013 12:32PM

Make CAcert a valid certificate-authority now!

Alex

At the moment Diaspora does not accept CAcert as a valid certificate authority and as a consequence people using CAcert-certificates (and these are many) will not be able to communicate with other pods properly.

Admins already using CAcert may not create separate startSSL-certificates (as suggested in the wiki) just because of being annoyed and run their pod with "invalid" CAcert-certificates resulting in malfunctioning synchronization with other pods. Also users of CAcert-pods are not able to use Diaspora-apps such as cubbi.es due to their unaccepted certificates.

In short I think that the growth of the Diaspora-podnet suffers from the exclusion of CAcert.

This is why I want to vote for including CAcert as-soon-as-possible as a valid CA into the Diaspora project!

Rasmus Fuhse
Abstain
Wed 21 Aug 2013 7:50PM

I would say yes to the proposal, because non-commercial certs are very nice. But in fact I think this proposal is about changing the protocol. And maybe we should ask ourselves if we still need certs in the protocol.

Brent Bartlett
Block
Thu 22 Aug 2013 12:00AM

Sorry, this just seems like a bad idea. I don't see what the upside to this would be. Having sites that pop up warnings would just create dead ends in the Diaspora network.

thomas
Disagree
Thu 22 Aug 2013 8:08AM

Not at this moment at least.

Theodotos Andreou
Agree
Thu 22 Aug 2013 8:26AM

In the after NSA leaks era, I don't think that any of the commercial CAs are to be trusted. I vote in favour of CAcert to be accepted in diaspora.

Christophe
Agree
Thu 22 Aug 2013 9:09AM

I am a big supporter of CAcert, I received my first certificate in 2006 and I'm an assurer. I'd love to see CAcert support in pod to pod communication, as XMPP is doing it at the moment.

Alex Thu 8 Aug 2013 7:54AM

@Flaburgan Concerning your objections I think accepting CACert optionally (not accepting by default) would be a good compromise?

Flaburgan Thu 8 Aug 2013 9:16AM

> accepting CACert optionally (not accepting by default) would be a good compromise?

Don't think so: content is coming from every pod, if only one accepts it, the whole network needs to do so.

Alex Thu 8 Aug 2013 10:29AM

@Flaburgan At the moment no pod will accept CAcert and pods using CAcert will not be able to federate with other pods. - So yes, content is coming from every pod, also from CACert-pods, which are excluded from federation at the moment.

Sean Tilley Thu 8 Aug 2013 4:46PM

Right now, it seems that CACert is undergoing an audit in the hopes of being included in Mozilla Firefox. You can see the bug discussion here, and Mozilla's policy here.

So long story short, I think for any of this to be practical, we will have to wait for greater browser support. When more browsers support CACert for inclusion, then I think it'll be better for our end users.

Jason Robinson Thu 8 Aug 2013 7:23PM

Using Diaspora* should absolutely NOT require any actions from the user - except choosing a username. Any security popups coming up because of lazy podmins are going to not expand the network, but kill it. A big no.
