[Goodies-dev] Accounts for the new release manager
Brian J. Tarricone
brian at tarricone.org
Wed Jul 22 19:50:18 CEST 2009
On 07/22/2009 03:50 AM, Enrico Tröger wrote:
> Additionally, the SSL certificate doesn't match the hostname. This is
> mostly just annoying and can be easily fixed by creating a proper
> certificate.
Well, that's potentially a problem. I'm not sure if we have more than
one IP address. If not, all vhosts on mocha that need to use https will
have to use the same cert. In that case I'd probably generate a
wildcard cert.
> Ideally, the created certificates are signed by some real
> CA like cacert.org who sign for free.
Last I checked you had to go through a retarded verification procedure
before you can get a CAcert-signed cert.
> This way users only have to
> import the cacert.org root certificate and not to accept the
> self-signed certificate each time.
There's no need to accept it each time. You just add an exception, like
you have to do with the countless other OSS-related https sites that
have a self-signed cert.
> And I assume most users don't even
> check the certificate at all, they just accept it. Also because there
> seems to be no easy way to check the fingerprints. So most of the
> whole idea of SSL encryption is lost by this fact.
Not really. For me, the most important part of SSL for non-critical
services (where critical would be financial stuff, banking, etc.) is the
encryption.
-brian
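
Added example, not part of the original message or of the Xfce infrastructure: a sketch of the two checks the thread discusses, namely which vhost names a single shared (wildcard) certificate actually covers, and how a self-signed certificate's SHA-256 fingerprint can be compared against one published out of band before an exception is added. The hostnames, certificate bytes and function names are constructed for illustration.

```python
import hashlib
import hmac


def name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name covers hostname; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require two fixed labels so that "*.org" is never accepted
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered_vhosts(cert_names, vhosts):
    """Vhosts that would still show a hostname mismatch with this certificate."""
    return [v for v in vhosts if not any(name_matches(n, v) for n in cert_names)]


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon separated."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_published(der: bytes, published: str) -> bool:
    """Compare the presented certificate with a fingerprint obtained out of band."""
    def norm(s: str) -> bytes:
        return s.replace(":", "").replace(" ", "").lower().encode()
    return hmac.compare_digest(norm(fingerprint(der)), norm(published))


# Constructed sample data (assumptions, not real hosts or a real certificate).
VHOSTS = ["mail.example.org", "svn.example.org", "example.org", "a.b.example.org"]
SAMPLE_DER = b"constructed placeholder standing in for DER certificate bytes"

if __name__ == "__main__":
    print("wildcard only:", uncovered_vhosts(["*.example.org"], VHOSTS))
    print("wildcard + apex:", uncovered_vhosts(["*.example.org", "example.org"], VHOSTS))
    published = fingerprint(SAMPLE_DER)  # e.g. posted on a signed mailing-list message
    print("fingerprint:", published)
    print("matches:", matches_published(SAMPLE_DER, published))
```

A wildcard name covers exactly one label, so the bare domain and deeper subdomains need their own entries in the shared certificate.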