Make CAcert a valid certificate-authority now!
At the moment Diaspora does not accept CAcert as a valid certificate authority and as a consequence people using CAcert-certificates (and these are many) will not be able to communicate with other pods properly.
Admins already using CAcert may not create separate startSSL-certificates (as suggested in the wiki) just because of being annoyed and run their pod with "invalid" CAcert-certificates resulting in malfunctioning synchronization with other pods. Also users of CAcert-pods are not able to use Diaspora-apps such as cubbi.es due to their unaccepted certificates.
In short I think that the growth of the Diaspora-podnet suffers from the exclusion of CAcert.
This is why I want to vote for including CAcert as soon as possible as a valid CA into the Diaspora project!
Flaburgan
Thu 8 Aug 2013 9:21AM
I don't want to request any action from the user. We need to open our network to non-geek people. Joe Average will not accept a warning certificate, he will simply not use the application, especially if he has to do it on desktop, mobile, etc...
goob
Thu 8 Aug 2013 9:54AM
I'm afraid I don't know enough about the pros and cons of this, so am happy to go with whatever the rest of you decide.
Mikhail Shirkov
Thu 8 Aug 2013 5:44PM
We should support federation with CAcert certificates! It can be useful for small instances with a loyal user base, or for cypherpunk communities.
Seth Martin
Thu 8 Aug 2013 7:18PM
Need to wait until there is greater browser support. We should not be driving away new users that don't understand and get scared with browser warnings.
Jason Robinson
Fri 9 Aug 2013 3:22PM
If we can guarantee no popups for modern(ish) browsers, mobile too, ok for me.
Jason Robinson
Sat 10 Aug 2013 2:37PM
A big no since the Android default mobile browser will not work.
Alex
Mon 12 Aug 2013 11:26AM
Given all the problems I was not aware of when opening the discussion I changed my mind ...
Roger Braun
Thu 15 Aug 2013 4:17PM
Cypherpunk networks can just trust the necessary certs themselves. If this was official, users would get security errors/warnings when seeing content from CAcert pods. I agree that the state of SSL and the cert system sucks, but we can't change that.
Florian Staudacher
Wed 21 Aug 2013 11:24AM
I can live with it either way ;)
Tom Scott
Wed 21 Aug 2013 7:47PM
I would rather not ship code that can cause warnings (albeit benign) on Android's stock browser. Seems like this whole idea is broken, evidenced by the big red warning I get when I visit http://cacert.org =P