Re: Fedora home server using core 9 | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Bruno Wolff III wrote:
What really annoys me is when some fool thinks that getting a certificate made out to www.example.com is fine when they try to use it with mail.example.com, so I always see completely avoidable warnings. If they'd had the sense to had a wild-card type of certificate made out to just example.com, or had the certificate cover more than one sub-domain, or created more than one certificate, things would just work.The reason they don't get a wildcard cert or a CA cert is that CA's that have certs installed with the browsers charge more. They'd rather you'd pay them to sign your certificates rather than allow you to easily be your own CA for essentially the same cost of a single cert. The security benefit of doing that way is negligible. It's all about money. What Firefox (and other browsers) should be doing is treating https with a self signed cert the same as http.
Even nicer would be to automatically check with all of the signing authorities that the browser currently trusts as to whether they have issued a certificate for this name or not. If any of them have, the self-signed copy is likely to be a fraud of some sort. Otherwise it is probably just a site that only wants encryption for the data stream - or perhaps just the authentication, but http(s) doesn't provide a handy way to separate the steps.
-- Les Mikesell lesmikesell@xxxxxxxxx -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
