Julian Mehnle wrote on spf.council: > I have configured the website to support HTTPS + Basic Auth access.
The https part works, thanks. Login also works, great. > I am having trouble accessing <https://www.openspf.org> with Internet > Explorer, however it works fine with Firefox and Opera. AFAIK IE doesn't like self-signed certificates, but I can't test it at the moment. Depending on the configuration it could also check revoked certificates, but I forgot how that works, is it some "well- known location" magic ? > You're going to use some other "Mozilla 3.0" browser anyway. That creature is happy with the certificate. I could even install openspf as CA if you publish the root certificate. When I tried it I found that "mozilla 3" won't like more than 1024 at some point of the openssl procedure, but obviously you avoided that trap. > Your password is the same as the one I had originally sent you for > the Subversion repository on 2006-09-21 (ask if you don't have it > anymore). SVN notes it somewhere, I found the place... :-) Your passwords are not only hellish for attackers but also for command lines, I'd add Base64 as final step, claiming that ugliness is no entropy... :-) > You can change it by clicking on the "Change Password" link in the > toolbar at the top of the website. I tried something simple first, "change pref", and it said "password removed", probably talking about an "admin pasword" (whatever that is), is that good ? > The hack should eventually be undone, as soon as Frank gets a new > web browser that supports HTTP Digest Auth (hint, hint). That will probably insist on 2831bis Digest-MD5 as I'm running out of ideas to nitpick Alexey's draft... get ready for SASLprep. <beg> Seriously, Lynx also doesn't support Auth: Digest, if you're looking for something that's even _more_ baroque than SPF Digest-MD5 is it. The DynDNS folks flat out refused to support Auth: Digest for update clients when I asked them (years ago) => SSL or bite (Auth: Basic). Frank ------- To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?list_id=1996
