Certificates on the Ubuntu web sites
Jim Cheetham
jim at egressive.com
Thu Jun 30 22:49:45 CDT 2005
On Thu, 2005-06-30 at 13:54 +0100, Magnus Therning wrote:
> I find it rather strange that the certificates in use on the Ubuntu web
> pages aren't signed by a CA that's trusted by my firefox running on
> Hoary Ubuntu (installed from the standard Hoary package).
Indeed - unless sabdfl has "agreed" to stay away from the certificates
business (which wouldn't surprise me) then there should be a root cert
for Ubuntu installed by default.
Actually there's nothing to stop Ubuntu from doing this, even if
Canonical can't. So I suggest an UbuntuCA be explicitly created and
seeded into all SSL products (i.e. Firefox and other browsers. Anything
else?) that are in main at least.
I can't find a match for "certificate authority" or "ssl ca" on the
wiki, which suggests no-one else is doing it. I'll start something if
that doesn't conflict with some existing work that I'm unaware of at the
moment.
> It's also interesting that launchpad.ubuntu.com uses the same
> certificate as bugzilla.ubuntu.com, which means firefox complains about
> a mismatch between the site's URL and the CN of the certificate.
Even with a valid CA this is "wrong" - however as has been pointed out
"we" already know that we can apply ssl-trust to these domains, but it
"should" be done properly.
That's not an Ubuntu issue so much as an "administration of the Ubuntu
servers" issue. At the same time I'd suggest reviewing whether or not
"ubuntu.com" is congruent with "ubuntulinux.com" (and any other ubuntu
domains out there) because I occasionally type in the wrong one ...
> What was it Thawte did to make money now again ;-)
Errm, "Use Open Source in the Right Place at the Right Time", wasn't it?
--
-jim cheetham = jim at egressive dot com
www.egressive.com, www.effusiongroup.com
More information about the ubuntu-devel
mailing list