[ET Trac] [Einstein Toolkit] #1061: Certificate failure
Einstein Toolkit
trac-noreply at einsteintoolkit.org
Wed Oct 17 10:45:16 CDT 2012
#1061: Certificate failure
--------------------------------------+-------------------------------------
Reporter: eschnett | Owner:
Type: enhancement | Status: reopened
Priority: minor | Milestone:
Component: EinsteinToolkit website | Version:
Resolution: | Keywords:
--------------------------------------+-------------------------------------
Comment (by eschnett):
If we require action from the end user, then we may as well skip
certificates, which are supposed to automate this process. The information
on Trac is not important enough to be worried about attackers; I'd rather
clean up a bit more spam than have to explain people how to disable the
security measures we put into place.
As Ian mentioned, we are probably not the only group facing this issue.
Large web sites (Google, Amazon, etc.) know how to use certificates in
such a way that end users don't receive warnings. I don't care about the
technical issues, or how they can be solved with or without root access by
the end user. We are paying for a service, and that service is to
authenticate us (our server) to our visitors. If this doesn't work, then
we paid too much. It's the CA's task to ensure that sufficiently many end
users have received their certificate via OS updates or some other
mechanism, and if that process takes five years, so be it -- apparently, a
root certificate lives for ten years, so there's no problem.
If someone uses a "too-new" root certificate for signing a web site, then
this seems rather like a rookie mistake to me.
--
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1061#comment:11>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit
More information about the Trac
mailing list