Short GPG HOWTO and Re: hackage, cabal-get, and security

Isaac Jones ijones at
Tue May 17 14:12:57 EDT 2005

Shae Matijs Erisson <shae at> writes:

> Isaac Jones <ijones at> writes:
>> How does one generate a signed SSL certificate?  It's very costly, isn't it?
> It's free to generate a self-signed certificate, but that doesn't help much.
> As you suggest later in this email, there could be a CA on

But how do you configure your browser / client to trust that
certificate?  I guess in web browsers it usually tells you that it's
signed by an unknown CA, do you want to trust it, then you can click

Presumably for SSL you either need to:

- Buy an expensive certificate from a known CA (maybe there are free /
  cheap ones?)

- Trust any old certificate that comes along

- Build a web of trust for signing certificates, just the same as for
  gpg.  Is there a way to do this?  GPG has built-in ways to do this,
  does SSL?

Thanks for the GPG HOWTO!



More information about the Libraries mailing list