Jean-Marc Desperrier wrote:
This is something that I've seen also, and it makes me worried that the
current Fx solution *doesn't* really work as advertised.
The people see the warning, and the next minute, they start IE to access
the site.
Think about it : Instead of protecting them, Fx
Nelson B Bolyard schrieb:
I think the solution that Jean-Marc outlined above would make some
sense: It would make it a bit easier to visit certain sites, but disturb
permanently if someone visits a site that has no trust anchor in firefox.
There's a great deal of evidence, and consensus
Thorsten Becker wrote:
Nelson B Bolyard schrieb:
I think the solution that Jean-Marc outlined above would make some
sense: It would make it a bit easier to visit certain sites, but
disturb permanently if someone visits a site that has no trust anchor
in firefox.
There's a great deal of
Jean-Marc Desperrier schrieb:
So the solution I'd be in favor of is :
- Declare the current SSL error screen a failure
- Let people go through the SSL error screen easily, just like in Fx 2
- After they have gone though the SSL error screen and as long as they
stay on this SSL site, display
Steve schrieb:
May I ask why a university didn't just obtain another SSL certificate?
I mean you can obtain SSL certificates (RapidSSL is ~$20) cheap now.
We are on only one of almost 200 universities and research institutes in
Germany that rely on services provided by the Deutsche
Steve schrieb:
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] says...
Think about it : Instead of protecting them, Fx has pushed them to take
a decision that heightens their risk level, it would have been more
secure to let them go though the warning and access the site with Fx
rather
Eddy,
Eddy Nigg schrieb:
I think one CA in public discussion per time just fine, however the
overall throughput could be accelerated. That would allow for a new CA
every two weeks or so.
that's an excellent idea to schedule the start of a public discussion
phase every two weeks.
Thorsten Becker:
Eddy Nigg schrieb:
I think one CA in public discussion per time just fine, however the
overall throughput could be accelerated. That would allow for a new CA
every two weeks or so.
that's an excellent idea to schedule the start of a public discussion
phase every two weeks.
In article [EMAIL PROTECTED], tb-news-2006
@arcor.de says...
We are on only one of almost 200 universities and research institutes in
Germany that rely on services provided by the Deutsche Forschungsnetz
I know, however if you look at the costs of a new certificate vs. the
costs involved
Steve schrieb:
I know, however if you look at the costs of a new certificate vs. the
costs involved in training, waiting, applying workaround; purchasing a
new certificate would make sense.
It would have made sense over a year ago when the whole process was
started - If Mozilla had said:
Eddy Nigg schrieb:
Thorsten Becker:
that's an excellent idea to schedule the start of a public discussion
phase every two weeks. Additionally it would be great to have a public
queue, where every request that has passed the information gathering
process would be placed. So every CA would
Thorsten Becker:
It would have made sense over a year ago when the whole process was
started - If Mozilla had said: We wont get it in for over a year. But
at that time it was never clear that it would take more than a year.
Ohoommm, please note that the audit of T-Systems was completed only
Eddy,
just to make it clear: I'm not working for a CA, I am just a user.
Eddy Nigg schrieb:
Ohoommm, please note that the audit of T-Systems was completed only at
the end of the previous year, which is usually a bad time anyway
(holidays, vacations etc). Subsequently the process was
Thorsten Becker:
There has been an earlier audit. Gerv raised concerns about that audit
in comment #12, they were adressed in comment #13. In july all
information were gathered and in august the information was finally
confirmed complete. IMHO the public discussion phase could have
started
Steve wrote:
In article[EMAIL PROTECTED],
[EMAIL PROTECTED] says...
Think about it : Instead of protecting them, Fx has pushed them to take
a decision that heightens their risk level, it would have been more
secure to let them go though the warning and access the site with Fx
rather than
May I ask why a university didn't just obtain another SSL certificate?
I mean you can obtain SSL certificates (RapidSSL is ~$20) cheap now.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Wednesday 16 July 2008 15:08:15 Frank Hecker wrote:
...
We are doing what we can. However by design we do not simply
rubber-stamp CA requests. We have an official policy which was
developed through a process of community consultation, and we follow a
similar process of community discussion
Rob Stradling:
On Wednesday 16 July 2008 15:08:15 Frank Hecker wrote:
...
We are doing what we can. However by design we do not simply
rubber-stamp CA requests. We have an official policy which was
developed through a process of community consultation, and we follow a
similar process of
Thorsten Becker wrote:
[...]
I'm currently seeing more and more Firefox users migrating to version
3.0. [...] Firefox is
quite harsh about unknown certificates.
The reactions of the users are either of:
[...]
-switching the browser
the latter more likely than the former. Consequently we
Rob Stradling wrote:
Frank, is there any reason why you can't have multiple candidate CAs having
their public discussion periods simultaneously?
No reason at all; in fact, technically we have two in public discussion
right now (GlobalSign and T-Systems). The major bottleneck is collecting
On Thursday 17 July 2008 13:33:04 Frank Hecker wrote:
Rob Stradling wrote:
Frank, is there any reason why you can't have multiple candidate CAs
having their public discussion periods simultaneously?
No reason at all;
Thanks Frank. That's good to hear.
in fact, technically we have two in
Rob Stradling wrote:
Frank, in Bug #421946 Comment #15 you said:
I'll proceed with the first public comment period once I figure out where
this request sits in the queue relative to other similar requests.
If the public comment/discussion periods are not the major bottleneck, then
can you
On Thursday 17 July 2008 16:50:50 Frank Hecker wrote:
Rob Stradling wrote:
Frank, in Bug #421946 Comment #15 you said:
I'll proceed with the first public comment period once I figure out
where this request sits in the queue relative to other similar requests.
If the public
Frank Hecker:
P.S. Incidentally, I have no problem whatsoever with CAs pinging me
directly (via email or phone or whatever) to remind me that their
requests need attention. Please feel free to do that if ever you should
need to.
Frank, I think you mentioned in the past the ECC requests are
Frank Hecker:
Eddy Nigg wrote:
Frank Hecker:
P.S. Incidentally, I have no problem whatsoever with CAs pinging me
directly (via email or phone or whatever) to remind me that their
requests need attention. Please feel free to do that if ever you should
need to.
Frank, I think you mentioned
Hello,
I'm responsible for a university site in Germany that is SSL secured,
with a certificate issued by a CA which is trusted by T-Systems. The
T-Systems cert is not (yet) included in firefox, the details can be seen
in Bug 378882.
I'm currently seeing more and more Firefox users migrating
Thorsten Becker wrote:
I'm responsible for a university site in Germany that is SSL secured,
with a certificate issued by a CA which is trusted by T-Systems. The
T-Systems cert is not (yet) included in firefox, the details can be seen
in Bug 378882.
As it happens, I will be starting the
Frank Hecker wrote:
As it happens, I will be starting the first public comment period for
T-Systems today.
That really is good news!
We are doing what we can. However by design we do not simply
rubber-stamp CA requests. We have an official policy which was
developed through a process of
28 matches
Mail list logo