[Geany-Users] Is https://lists.geany.org/cgi-bin/mailman/listinfo/users safe.

Matthew Brush mbrush at xxxxx
Wed May 1 14:19:28 UTC 2013


On 13-05-01 01:52 AM, Frank Lanitz wrote:
> Am 01.05.2013 10:47, schrieb Enrico Tröger:
>> On 30/04/13 03:06, Lex Trotman wrote:
>>> On 30 April 2013 08:55, Chris Williams <purplewelshy at googlemail.com> wrote:
>>>
>>>>   Sorry I am a newbie and when I try to go to:
>>>>
>>>>   https://lists.geany.org/cgi-bin/mailman/listinfo/users
>>>>
>>>> I get the following error:
>>>>
>>>> *******************************************************************
>>>> This Connection is Untrusted
>>>>
>>>>
>>>>            You have asked Firefox to connect
>>>> securely to lists.geany.org, but we can't confirm that your connection is
>>>> secure.
>>>>            Normally, when you try to connect securely,
>>>> sites will present trusted identification to prove that you are
>>>> going to the right place. However, this site's identity can't be verified.
>>>>
>>>>            What Should I Do?
>>>>
>>>>              If you usually connect to
>>>> this site without problems, this error could mean that someone is
>>>> trying to impersonate the site, and you shouldn't continu
>>>>
>>>>          lists.geany.org uses an invalid security certificate.
>>>>
>>>> The certificate is not trusted because no issuer chain was provided.
>>>>
>>>> (Error code: sec_error_unknown_issuer)
>>>>
>>>>            If you understand what's going on, you
>>>> can tell Firefox to start trusting this site's identification.
>>>> Even if you trust the site, this error could mean that someone is
>>>> tampering with your connection.
>>>>            Don't add an exception unless
>>>> you know there's a good reason why this site doesn't use trusted
>>>> identification.
>>>> *********************************************************************
>>>>
>>>> Hi Chris,
>>>
>>> Unfortunately this is an argument between firefox and the certificate
>>> provider such that firefox is unwilling to include the particular
>>> certificate provider.  Other browsers such as chrome or even IE (I
>>> understand, I haven't tried myself) do include the certificate provider.
>>>
>>> The best suggestion is to use another browser or install the certificate
>>> providers certificate yourself.
>>
>> Which you can find here:
>> https://www.cacert.org/index.php?id=3
>>
>> A bit more information:
>> Frank Lanitz created this certificate and it is signed by Cacert. To be
>> able to do this, you first need to authenticate yourself to Cacert, in
>> person including an identity check. Frank, and me also, did this. So,
>> this is not just a self-signed certificate to have 'something' for SSL,
>> but a qite good certificate. Even though Mozilla just doesn't consider
>> it good enough to include the root certificate into their browser and
>> other products :(.
>
> Is it a correct time for a little SSL-Mozilla-Bashing?
> They do not include CAcert with their Web-of-Trust-based method of
> authentification, but include root-certificates which are known to be
> very week PKI and there are rumors that some of them are ruled be the
> agencies. </paranoid>
>

According the bug report[1], CACert withdrew their request to have their 
certificate added. But it is funner and easier to bash Mozilla :)

Cheers,
Matthew Brush

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=215243



More information about the Users mailing list