Gentoo Archives: gentoo-dev

From: Rich Freeman <rich0@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] CA-certified SSL
Date: Tue, 05 Feb 2013 18:06:43
Message-Id: CAGfcS_=Rp0fZbBfiZ-5vMZ58gB6mhX35x48-VABngmmzQ_fr1g@mail.gmail.com
In Reply to: [gentoo-dev] CA-certified SSL by Dirkjan Ochtman

On Tue, Feb 5, 2013 at 11:59 AM, Dirkjan Ochtman <djc@g.o> wrote:
> I think it's really quite silly that we keep inconveniencing ourselves
> and our user by not having proper certificates that get recognized by
> all the major browsers, preferably wildcard variants (particularly for
> Bugzilla attachments).

My knee-jerk reaction is that your browser has a bug. It thinks that
it is appropriate to sound alarms for unauthenticated SSL connections
but not for unauthenticated non-SSL connections. A workaround is to
emerge ca-certificates.

That said, I do understand your concerns (my pet peeves with the CA
infrastructure and modern browsers notwithstanding).

>
> I'd be happy to handle the certificates and renew them every time when
> needed, passing them on to infra staff via a channel they deem secure
> enough, although it would be nice if someone else can provide me with
> funds (e.g. the Trust/Foundation?).

I'm sure the trustees would be interested as long as this was aligned
with infra. I'd reach out to them first and work out a plan - paying
for it is likely to not be a big issue (and we've had offers of
donated certificates as well).

Rich
