On 20 feb 2008, at 19:45, James Galvin wrote: > AMS obtains certificates for their clients from Starfield > Technologies: > <http://www.starfieldtech.com/> > Do you have a concern about this choice or is your concern about > the fact that your browser didn't accept the certificate by default? The latter. > As far your browser not accepting the certificate, I'm sure you > realize there a lot of reasons that could happen including the > latest version of Safari "missing" a particular root certificate. Right. Not sure what it was in this case, because when I tried it just now from home, first with Firefox and then again with Safari, there were no problems. I would have been surprised if AMSL had used a CA that isn't widely accepted by default, because that requires people to install a new root certificate, which is a somewhat big deal: you wouldn't want to install a "bad" root certificate so this involves a fair amount of checking. On 21 feb 2008, at 0:15, Mark Andrews wrote: > It's not just Safari, it's also Firefox. > Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.11) Gecko/ > 20080126 Firefox/2.0.0.11 > Note: Firefox has a root cert from them. Just not the one > that signed this cert. What I'm seeing right now is a certificate from AMSL with SHA-1 fingerprint 9F B6 01 FE 68 40 BB F6 6F 55 06 28 7C 42 15 01 38 0A CA 66 signed by a Starfield certificate with SHA-1 fp 7E 18 74 A9 8F AA 5D 6D 2F 50 6A 89 20 FF 22 FB D1 66 52 D9 and then one with SHA-1 fp 36 3E 47 34 F7 57 BD EB 89 86 8E FE 94 90 77 74 A3 27 69 5E which is signed by Valicert with SHA-1 fp 31 7A 2A D0 7F 2B 33 5E F5 A1 C3 4E 4B 57 E8 B7 D8 F1 FC A6 Iljitsch _______________________________________________ IETF mailing list IETF@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf