Firefox certificates for Fedora sites?
Reindl Harald
h.reindl at thelounge.net
Mon Nov 19 17:04:21 UTC 2012
Am 19.11.2012 17:42, schrieb Blake Hudson:
>
> Reindl Harald wrote the following on 11/19/2012 10:08 AM:
>>
>> Am 19.11.2012 17:03, schrieb Sergio:
>>> Is it the case that these site owners should contact Mozilla for
>>> them to update the certificate bundle or, in the case of official
>>> Fedora sites, should an extra package with Fedora certificates be
>>> created?
>> they won't
>>
>> these are self signed certs because they do the same: encryption
>> if you want you certs accepted from browsers you need to sign
>> them by a CA like Thawte what is expensive
>>
>> that is how https works
>>
> That is not how HTTPS works.
how it works in the real world
theory does not help
the average user does not understand anything and
educate them to accept ssl-warnings is exactly
the wrong way for security
> HTTPS does not require an expensive commercial CA like Thawte.
technically not but for access a page with a
default client without warnings for sure
> First, if Fedora/Redhat wanted, they could include their own CA certificate
> with their own distribution with no additional cost
if you live in your own world with no other clients
as redhat used yes - but that is not how the world
works out there
> Second, there are free or low cost CAs like StartSSL
one question is: are they accepted in default browsers
another question is: how trustable are free CAs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20121119/0d32e8d6/attachment.sig>
More information about the users
mailing list