[mike-cardwell]

That's how the CA system works. It's up to you whether or not you wish to trust cacert. They've been around for quite a while though, and quite a few systems have their root included, eg Debian, OpenBSD, Gentoo, Centos. See:

http://wiki.cacert.org/InclusionStatus

It's just not included in the major browsers atm.

[protomyth]

"It's just not included in the major browsers atm"

Thus my statement which was factual and not incorrect. If the browser vendors don't vet the certificate authority then most people will get the warning.

[mike-cardwell]

Ok, I'll take your word for it that your browser said the certificate was "invalid" then. An inacurate choice of wording on your browsers part.

So what was the point of your comment? It sounded to me like you were suggesting that people shouldn't post articles about encryption, when their website uses certificates that your browser doesn't automatically assign trust to?

[protomyth]

Well, it seems like having a certificate from a CA not in most people's browsers, each of these methods described in the original article http://www.gushi.org/make-dns-cert/HOWTO.html require work from the user and aren't supported out of the box.