On 2014-07-07 13:36, Dirk Stöcker wrote:
On Sun, 6 Jul 2014, Maarten Deen wrote:
I opened JOSM (webstart) and it came with a question to install a
certification authority for localhost with a sha1 thumbprint
I have no knowledge of having generated a sha1 thumbprint on my
windows computer, so I am interested to know how JOSM can ask this.
I also don't know why JOSM needs this. Is this something from JOSM or
has some worm crawled in? (yes, this was the first thing that entered
my mind).
Due to the browser restrictions of today any request to the remote
control of JOSM needs to be HTTPS as well when used from a HTTPS page.
For a HTTPS server functionality we need a certificate. The request
you talk about tries to copy that certificate to the JAVA keystore, so
it can be used. The browser still should ask you about it (at least
for first connection), as it is a self-signed cert.
But whose certificate is it? Where can I validate the key? It is not
localhost, because my computer is localhost and it is not a key I
generated on my computer. It is JOSM that is trying to install this
certificate. So the "certification authority caliming to represent
localhost" is not correct. At least that should be changed to JOSM.
Lets make it clear that, not having created this thumbprint myself, I
can not verify this thumbprint and that this seems a very strange way
of operating.
If you have a better solution, feel free to fix it.
I really dislike such replies. You seem to insinuate that the only ones
to make comments are the ones that have the knowledge and ability to
change the source.
I hope my view of your answer is incorrect.
You may not like criticism, but my goal is not to talk the developers of
JOSM down but to try to give them hints of how things could (IMHO)
improve.
Regards,
Maarten
_______________________________________________
josm-dev mailing list
josm-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/josm-dev
