From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1PwiMR-0002YM-2R for garchives@archives.gentoo.org; Mon, 07 Mar 2011 21:53:03 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 349A01C025; Mon, 7 Mar 2011 21:52:53 +0000 (UTC) Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181]) by pigeon.gentoo.org (Postfix) with ESMTP id B5F04E0486 for ; Mon, 7 Mar 2011 21:52:24 +0000 (UTC) Received: by wyb42 with SMTP id 42so7115417wyb.40 for ; Mon, 07 Mar 2011 13:52:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=63PfF6tBT9XHMns/FI2MkDdb3hCz2zF/k1a2K/AL2k4=; b=jJiFAdQfpTCUfyyIiF2dUsQRD6mK+RcdEC/nywe5aRG7m79R+6tTERGPT8hrMOO6UB NdKCBobnadbFS8tg5mPW8pZx0aCQSMkl1a/zTGY+lsYXmHKDRGMbFbfTLUNwGH491OZz GcogWcsa+NjPUiuL7eeov679y+yFYBSEoRuU0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=D7Pa3G/7rqUmv7NHQAopzU/TYG6FWPBj/l2oPqFdME74Szqnbl/P4NSIUpripXrnD1 0Ie2GMQOLZambD2JfKfhhfBhjhkIEacjw97+WoBRZADL/AmC+Owwfo2fswUrVTZ6H6DJ xl8OrYc6ciM7uUtPX4KvFCa1kTtYG/NeDkOSo= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.227.11.146 with SMTP id t18mr796248wbt.104.1299534743924; Mon, 07 Mar 2011 13:52:23 -0800 (PST) Sender: freemanrich@gmail.com Received: by 10.227.149.195 with HTTP; Mon, 7 Mar 2011 13:52:23 -0800 (PST) In-Reply-To: <20110307213255.GK4530@gentoo.org> References: <4D7410E3.3070708@gentoo.org> <20110307101214.37beac3a@pomiocik.lan> <20110307144819.GA28374@kaini.schwarzvogel.de> <20110307204708.5da83080@pomiocik.lan> <1299528385.26337.22.camel@TesterTop4> <20110307213255.GK4530@gentoo.org> Date: Mon, 7 Mar 2011 16:52:23 -0500 X-Google-Sender-Auth: NpRh5CcGppe1AZjaECpClBZ_1oE Message-ID: Subject: Re: [gentoo-dev] Bugzilla 4 migration From: Rich Freeman To: gentoo-dev@lists.gentoo.org Cc: Fabian Groffen Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: X-Archives-Hash: 1f56202cea5f04250ed0a626cc41da52 On Mon, Mar 7, 2011 at 4:32 PM, Fabian Groffen wrote: > As outsider, I don't like to accept another certificate thing, just to > view a bugtracker. When you think about it, this is a defect with your browser, and not so much with SSL itself. Your browser generally doesn't complain about unauthenticated connections. It accepts unauthenticated connections that aren't encrypted without any issues, despite these being completely open to numerous attacks. However, your browser does complain when it makes an unauthenticated connection that IS encrypted, even though this is vulnerable to far fewer attacks. Browsers shouldn't bug the user about self-signed certificates - they should simply and clearly show that the user is connected to a host that isn't authenticated by a trusted intermediate. Oh, and browsers shouldn't come with root certs pre-installed by the browser distributor either, but that is about as likely to get fixed as the problem I just described. In any case, I don't see poor browser design as a valid reason for avoiding the use of SSL... Rich