|
This is exactly the situation for which CACert was created: an independent programmer or organization wants to get certification and doesn't want to pay the fees charged by major certification companies.
But CACert is not accepted as a certificate authority by major browsers. (Supposedly, according to news reports, CACert made it into the Mozilla browser, but that's not getting very far in the public eye.) So a CACert certificate isn't recognized by the browsers either.
One can ask, though, whether a certificate means much at all in this context. If I load a page running Jabeen's ActiveX control, CACert could tell me that the control really does come from Jabeen. But what more do I know about Jabeen? CACert can't tell me whether I can trust both his programming skill and his good intentions. We need a better reputation system.
|