firefox and bad ssl certificates

Zak B. Elep zakame at
Wed May 14 03:51:19 UTC 2008

On Wed, May 14, 2008 at 11:40 AM, Mackenzie Morgan <macoafi at> wrote:
> On Tue, 2008-05-13 at 16:24 -0400, Phillip Susi wrote:
>> No, they won't, and shouldn't.  Why pay some idiot corporation an
>> extortion fee just because they bribed the browser manufacturers to
>> include their certs by default?  There is NO added security to having a
>> paid for cert.  See the several incidents where bank web sites have been
>> spoofed on a slightly misspelled version of the domain name and issued a
>> "valid" cert from a CA "proving" they are the bank you thought you were
>> visiting.
>, which has its certs included in Ubuntu by default, is
> free.

Be advised however to use the new OpenSSL[0] to generate your CSR and
private key pair, in light of DSA-1571[1].


It may also be worth considering putting off submitting CSRs to CAs
(CACert included) until those CAs can confirm that they are not (or no
longer) affected by the issue.



Zak B. Elep ||
zakame at || zakame at || zakame at
1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D

More information about the Ubuntu-devel-discuss mailing list