On Thu, Aug 25, 2011 at 01:51:01PM -0700, Craig White wrote: > the answer lies with the people who wrote the software for the certificate > store since the whole point is trust. > > If users could manipulate the root certificate store, then it would be > impossible to trust anything.
Whaaaat? Of course I can manipulate my browser's root certificate store. There's a nice bit of UI provided for exactly that purpose. I can install new certificates, remove ones I don't trust, examine all. Of course I can manipulate my OS' trust store. It's just files in /etc. There's no way to keep me out. Better to say: if users canNOT manipulate the root certificate store, then it would be impossible to trust anything. The whole point is *my* trust. (And yours.) -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart.
pgp0wNS8oiuaN.pgp
Description: PGP signature
