[olug] Web Site Certificates - OT

Dan Anderson dan-anderson at cox.net
Tue Dec 23 21:43:20 UTC 2008


Yea...You'd hope that the browser vendors send out a patch to remove
this CA, or the CA at least does a proper revocation - quickly.

A CA not properly verifying certs before signing them is _worse_ then
self-signing.  At least with self-signing the user gets to make a
choice about how they want to proceed (even if they probably don't
have enough info to make an informed decision).

FYI - Firefox's dialogs around disabling certs are not very good.
When you "Delete" a cert it leaves the list until you restart Firefox
at which point it will return.  However, what happens behind the
scenes is that the cert is disabled from being used, but is kept in
the list.  You can check that a particular cert is set to be used by
using the "Edit" button.

Dan

On Tue, Dec 23, 2008 at 11:23 AM, Will Langford <unfies at gmail.com> wrote:
> Old thread, I've seen other things relating to the topic (self signed vs not
> etc).
> Successful man in the middle goodness.
>
> http://it.slashdot.org/article.pl?sid=08/12/23/0046258
>
> and, forbid me for reading user comments... but...:
>
> http://it.slashdot.org/comments.pl?sid=1071061&cid=26211327
>
> -Will
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list