Certificates on the Ubuntu web sites
Magnus Therning
magnus at therning.org
Thu Jun 30 07:54:37 CDT 2005
I find it rather strange that the certificates in use on the Ubuntu web
pages aren't signed by a CA that's trusted by my firefox running on
Hoary Ubuntu (installed from the standard Hoary package).
It's also interesting that launchpad.ubuntu.com uses the same
certificate as bugzilla.ubuntu.com, which means firefox complains about
a mismatch between the site's URL and the CN of the certificate.
What was it Thawte did to make money now again ;-)
/M
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus at therning.org
http://therning.org/magnus
Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.
As it is used, with the average user not bothering to verify the
certificates exchanged and no revocation mechanism, SSL is just simply
a (very slow) Diffie-Hellman key-exchange method. Digital certificates
provide no actual security for electronic commerce; it's a complete
sham.
-- Bruce Schneier, Secrets and Lies
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.ubuntu.com/archives/ubuntu-devel/attachments/20050630/74f8a343/attachment.pgp
More information about the ubuntu-devel
mailing list