Warren Young wrote:
> On 9/23/2011 1:21 PM, m.roth@xxxxxxxxx wrote:
>> The one thing I don't understand is this: AFAIK, apache release not a
>> server update, but an update to the certificate chain, yanking Digitar's
>> CA.
>
> What, pray tell, are you talking about?
>
> I assume you mean "DigiNotar", the defunct Dutch CA?
Yeah, then. I thought they had several versions of their name, btw.
>
> What does the complete collapse of a once-trusted CA have to do with
> Apache? All this noise about DigiNotar is about bogus server-side
> certs, and how they impact browsers and other client-side SSL users. I
> have heard nothing about any resulting threat to Apache. The only one I
> can conceive is something to do with bogus client-side certs, which
> seems pretty unlikely, given how rarely they are used.
First, I thought that some websites had a CA on the server side, and I
thought I read that apache was pushing out a fix that merely removed the
CA from the chain. That you don't have one doesn't necessarily mean that
some other release might have one, or that some site installed it.
Also, I don't think I've seen the Mozilla update same for browsers, which
I'd *really* like to push to everybody on our subnet.
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
