|WikiProject Computing / Networking||(Rated Start-class, Low-importance)|
- 1 Cited Reference wasn't a Reference
- 2 Sometimes I forget Wikipedia isn't necessarily for the "common man"
- 3 CRL Validaton
- 4 Not Encyclopedic
- 5 pre-installation fee
- 6 >100 root certificates trusted unconditionally
- 7 Criticism
- 8 DV = junk?!
- 9 Article being vandalized with  everywhere
Cited Reference wasn't a Reference
The only cited reference doesn't actually seem to have been a source for the article, as it is actually about a compromise of the mechanism, and, although it may cover some of the facts in passing, it certainly doesn't cover most of them.
I've moved it to external links.
--David Woolley 11:27, 15 November 2005 (UTC)
- I've added a line about the X.509 certificate collision, and so moved the citation back to the "References" section. — Matt <small>Crypto</small> 12:36, 15 November 2005 (UTC)
- There is still a problem that all but one paragraph lacks sources. Unfortunately, there doesn't seem to be a template for this article's references are largely incomplete. --David Woolley 12:47, 15 November 2005 (UTC).
Sometimes I forget Wikipedia isn't necessarily for the "common man"
This article was linked from another article (the latter in "common-man's" English).
But after two quick glances my eyes just glazed over.
- Thought people should be informed that the "better way" link mentioned above takes one to a commercially supported website named "webopedia.com"; "commercial" in the sense that that are numerous ads on the site. I would agree that the quality of this X.509 article needs improving - both for the "common man" as well as the computer science learner and/or practitioner. Dan Aquinas (talk) 18:11, 31 May 2012 (UTC)
In addition to the article's dependence on specific contextual background knowledge, without which it's mostly gibberish, the article suffers severely from UAD (Unexplicated Acronym Disorder) by frequently using acronyms without ever presenting what these stand for. — Preceding unsigned comment added by 184.108.40.206 (talk) 16:05, 30 September 2011 (UTC)
Much of this article is written in a casual style, especially this paragraph:
This is an example of a self-signed certificate; note that the issuer and subject are the same. There's no way to verify this certificate except by checking it against itself; we've reached the top of the certificate chain. So how does this certificate become trusted? Simple - it's manually configured. Thawte is one of the root certificate authorities recognized by both Microsoft and Netscape. This certificate comes with the web browser (you can probably find it listed as "Thawte Server CA" in the security settings); it's trusted by default. As a long-lived (note the expiration date), globally trusted certificate that can sign pretty much anything (note the lack of any constraints), its matching private key has to be one of the most closely guarded in the world.
The Certificates section suggests that large CA venders paid fee to make their root certificates pre-installed. On the other hand, a web page from the Mozilla Project clearly states no such fee. I see that pre-installation requires some kind of audit, such as WebTrust, and CA venders might pay money to the auditor. It would be great if some parts of the section is rewritten, so that readers will not get confused.Iida-yosiaki (talk) 14:11, 13 February 2009 (UTC)
>100 root certificates trusted unconditionally
How on earth did we get over 100 root certificates, all trusted unconditionally to authenticate any site whatsoever? Can someone please explain to me how https is any more secure than plain old http? Deepmath (talk) 22:35, 1 August 2009 (UTC)
Isn't authentication a job for government, rather than private enterprise? Private enterprise isn't going to authenticate anybody unless there's money in it, and their attitude is that
more money == better authentication
What if all the private driving schools in the US issued their own drivers' licenses, and for $300 extra, I could get a super-duper extended secure driver's license that proved it was actually me driving my car, and not some illegal alien? Or what if I had to renew my driver's license every year so the DMV could make more money? Deepmath (talk) 01:05, 2 August 2009 (UTC)
Article could benefit from a criticism section. The recent certificate attacks on Comodo and DigiNotar are the system showing some strain. http://dankaminsky.com/2011/08/31/notnotar/ suggests he's been criticizing the standard for years, maybe others have meaningful things to say here too. — Preceding unsigned comment added by 220.127.116.11 (talk) 12:08, 1 September 2011 (UTC)
DV = junk?!
Why do you say dv certs are junk certs? EV is the same, just more expensive. Every CA can be promised and DV is the only thing that can be technically verified to ensure that the ssl connection to that given domain is not intercepted. --18.104.22.168 (talk) 05:55, 7 September 2012 (UTC)