Fedora home server using core 9

Alan Cox alan at lxorguk.ukuu.org.uk
Wed Sep 3 19:05:15 UTC 2008


> This is a misleading warning that the Firefox developers have decided to use.

I wouldn't call it misleading. Firefox accepts a set of signing agencies
that do at least the basic authority checking business expects -
paperwork, address, check against government records stuff. It doesn't by
default accept others as they don't do those checks.

> It is really just a warning and if you don't want to see them in the future,
> you can save the cert and you won't see them any more. I get these a lot since
> I have deleted all of the delivered CA's because I have no special trust
> relationship to them. I either permanently or temporarily OK certs for sites
> when using https connections.

Your choice. However, if you deleted the delivered CA signatures and don't
check against them then you have no way of knowing if you are talking to
a DNS spoofed site that is relaying.

> > My immediate thought was that if ScientificLinux expect me
> > to jump through hoops to view their web-page
> > then they are unlikely to place ease of use
> > high on their list of priorities -
> 
> The issue is really Firefox's fault, not Scientific Linux's.

I would disagree. Firefox doesn't want to trust untrustable CA's.
Scientific Linux doesn't want to have to pay out for commercial
certificates.

'Fault' is a curious word to use for that. Both are doing valid sensible
things.

Alan



