Robert, to use your analogy, our cigarettes have the surgeons' warning 'cigarette smoking kills', but we smoke leisurely. Even surgeons smoke. But just remember as Michuki said 'the content of Kenic website is for public consumption'. The website is like a public brochure. The only entities who trade through the website are Kenic accredited registrar, including Google, who already have an established trust relationship with each other. This is not to let Kenic and Michuki of the hook, so it would be in order the Kenic website get a proper Ssl certificate, or stop using https altogether Regards Mwendwa Kivuva On 03/04/2010, robert yawe <robertyawe@yahoo.co.uk> wrote:
Hi,
As requested let me ask my question again and in a different format.
If I sold you a condom which had a warning from Ministry of Health that said "We do not recognise the manufacturer of this product nor guarantee it effectiveness" what is the likelihood that you will use the product?
I connected to the KENIC site and Chrome raised an issue on the authenticity of the security signature that the site was presenting. Who do I trust, the local techies telling me that this is quite safe or Google?
To Wanjiku her 1st reaction is to avoid the site, and what stops a sysop somewhere in the developed world to which we have laid our fibre optic cable from listing all .ke domains as unsafe?
Lets try and appreciate the global view of issues and also that 99.9% of web users have no appreciation or understanding of the underlying structure of a self or a publicly signed certificate. When a job applicant places his credentials on the table I definitely will take a certificate he presents from wanawatu institute with a kilo of salt as opposed to one issued by KNEC, ICDL (intentionally included) or CISCO.
So Michuki if you seriously belief that there is no implication to this self signed certificate at KENIC then tell us so.
Regards Robert Yawe KAY System Technologies Ltd Phoenix House, 6th Floor P O Box 55806 Nairobi, 00200 Kenya
Tel: +254722511225, +254202010696
________________________________ From: Michuki Mwangi <michuki@swiftkenya.com> To: robert yawe <robertyawe@yahoo.co.uk> Cc: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Sent: Sat, 3 April, 2010 12:58:43 Subject: Re: [kictanet] KENIC is wanting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Robert,
robert yawe wrote:
Hi,
A self signed certificate that my browser treats as a masquerading site that is unsafe, lets stop deceiving ourself that we are an island in the vast internet we have to comply with big brother.
I have signed this email message. Am sure you will get an error trying to validate my signature. Thats because i dont have any online secure trust relationship with you. If we did you would have a validated signature on your pgp key management database. You would also have known where you got my key from and can vouch for its credibility.
So please ask your question again....
Have you ever tried to understand why you locally issued debit card has a VISA sign on it?
is VISA security?
I still dont understand your relationship between SSL self signed certificate and DNS security?. Are you referring to DNSSEC? - if so please clarify.
Regards,
Michuki. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAku3EVMACgkQrFzEcG7FWGm9hACePII0ePOy0NwAjhoaaEMVF0fc OZEAnA7d2vju6DZ/EtrWE/BolPqCZmd9 =YRzN -----END PGP SIGNATURE-----
-- ______________________ transworldAfrica.com | Fluent in computing transworldAfrica.com/domain | The ALL powerful domain search tool kenya.or.ke | The Kenya we know