Am 19.11.2012 17:42, schrieb Blake Hudson: > > Reindl Harald wrote the following on 11/19/2012 10:08 AM: >> >> Am 19.11.2012 17:03, schrieb Sergio: >>> Is it the case that these site owners should contact Mozilla for >>> them to update the certificate bundle or, in the case of official >>> Fedora sites, should an extra package with Fedora certificates be >>> created? >> they won't >> >> these are self signed certs because they do the same: encryption >> if you want you certs accepted from browsers you need to sign >> them by a CA like Thawte what is expensive >> >> that is how https works >> > That is not how HTTPS works. how it works in the real world theory does not help the average user does not understand anything and educate them to accept ssl-warnings is exactly the wrong way for security > HTTPS does not require an expensive commercial CA like Thawte. technically not but for access a page with a default client without warnings for sure > First, if Fedora/Redhat wanted, they could include their own CA certificate > with their own distribution with no additional cost if you live in your own world with no other clients as redhat used yes - but that is not how the world works out there > Second, there are free or low cost CAs like StartSSL one question is: are they accepted in default browsers another question is: how trustable are free CAs
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
