Make CAcert a valid certificate-authority now!

@jasonrobinson Another certificate authority is not a new technology.

Just to clarify again:
This is not about pods using CACert certificates, which is possible anyhow. It’s about allowing interpod-communication (federation) with pods using CACert-certificates.

Still totally against this. Anything that makes it likely that some users will not see some posts or will get security popups will just help to kill Diaspora* and make it just another geeky hackerspace.

@jasonrobinson Actually at the moment users will not see posts from users on CACert-pods. And referring to @jonnehass embedding content from CACert pods will not provoke popups! - So I don’t see your point!?

Can someone explain why there will not be a warning given to the user for posts coming from a pod without a “valid” cert? In terms that even I can understand. Maybe we have no votes who just don’t understand the issue.

I think the current problem with Firefox 23 not allowing HTTP content in an HTTPS page is a great example of what we risk: a broken stream. Imagine a user accepted the CaCert authority in his desktop browser. Then he uses his mobile and sees that there are missing images (they are linked directly from the origin pod), but has no idea why. We don’t want that, so what should we do? Warn him it’s because he didn’t add the cacert authority? Then explain to him how to do that? On a mobile browser, not obvious. I’m almost even sure that you can’t with the default browser.

We have to avoid creating different behaviors depending on the user configuration. It’s the game of the web, have the same rendering in every platform…

So here’s a test page https://social.mrzyx.de/test.html

Looks like IE and Safari completely block, no “security popups” in Chrome, Firefox and Opera. I guess I’m just going to give up.

@jonnehass In Firefox 23 the two images with a CACert certificate are blocked without a popup

Yes, that is expected. But the point is that for the large majority there won’t be any popups. On my list of things to include in the explanation when mentioning that CACert would be a possibility was the fact that remote people won’t see the images, I was very aware of that from the start.

So what is the conclusion? If this motion passes and the implementation is done correctly, the ONLY effect is that some people will not see images from pods with CACert?

If this is so I’ll change my vote.

@jasonrobinson except for podmin using cacert for their domain name, but this would be pod specific and not impacting the whole network.

@jonnehass I got two security popups for your test page using Opera 12.14.

Interesting, I didn’t for Opera 15

No security pop up but no image for Firefox 23 :frowning:

My version of Opera is the last one before they shifted to Webkit, which might explain the difference. I think a fair few people decided not to upgrade at that point, so there are probably others who use older versions.

Well 12.14 only came out 6 months ago, so isn’t really old… but I’ve just discovered there is now a 12.16, which came out last month, so have updated to that, and still get the warnings.

The changelog mentions fixing a problem with signing certificates in this release - not sure if it’s related to this: http://www.opera.com/docs/changelogs/unified/1216/

I’m keen not to move up to 15 because I like Opera with the Presto engine, and have read that Webkit is causing issues so would rather not upgrade further. As I say, it seems as though a fair number of Opera users feel the same.

Doesn’t sound very good

I’m sorry, “the majority won’t see security popups” isn’t good enough for me. Dolphin/Android browsers are very popular and missing photos confuse people too. I don’t have a mobile Apple device to test their very popular browser. If it can be demonstrated that no users will get warnings, I will change my vote.

Testing Dolphin 5.0 in iOS 4.2 (out of date, I know), I get no popups but the last two images don’t load.

Opera Mini 7.0.5 (same OS): no warnings, all images load fine.

Safari (latest version for my OS version; not sure which version number): no warnings, last two images don’t load.

I realise this doesn’t answer your Android query directly, but it adds to the browsers tested.

I think we have a big problem. I tested the default Android browser that comes with 4.2.2 (CyanogenMod, but prob no different?) - and two popups are generated.

Android being the most popular mobile operating system around I really don’t think we should do this now. Rather when the situation changes, we should adapt. If we start accepting cacerts now and the situation gets worse - we cannot go back and have locked D* into a popup heaven.

Other browsers I tested (on Ubuntu) are Firefox 23, Chromium 28, Midori 0.4.3 and Epiphany 3.6.1 - no popups in any of those but also of course no images shown.

Of course we could filter out posts from the stream based on user agent but that is getting a bit hacky.

I’m sad that I had to vote no on this. Having CACert as a valid CA would have been perfect for my use case, which is hosting a private pod on a subdomain without giving big money to snakeoily CAs. But as the system is set up right now, we can’t do anything about the content that the user receives directly from the CACert-certified pods, and they most probably would get error messages or warnings. If images would be proxied through the user’s own pod, this might be viable, so maybe this should be implemented.