From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Is this a bug in firefox-36.0?
Date: Wed, 18 Mar 2015 06:56:52 +0000

On Wednesday 18 Mar 2015 03:53:57 Fernando Rodriguez wrote:
> On Tuesday, March 17, 2015 4:49:54 PM walt wrote:
> > I get a certificate verification error when visiting https://www.att.com
> > using firefox-36.0, but not when using chrome-41.0.2272.76.
> >
> > Anyone else see the same with firefox-36?
> >
> > BTW, I tried the latest firefox in a Win7 virtual machine and I was
> > shocked to see that firefox was updating itself when I was logged in
> > as an unprivileged user (i.e. *not* an Administrator). Are the idiots
> > at M$ *really* that stupid? They've learned nothing, apparently, since
> > Win 95 :(
> >
> > BTW, the Win7 firefox also flagged an error when visiting the web site
> > I mentioned above, but the error was displayed so subtly that I would
> > have missed it if I hadn't been looking for it specifically. Very bad
> > behavior.
>
> Technically the issue is with att's SSL certificate. It may be that they
> got a cheap certificate (meaning it provides encryption but the CA did
> not verify that ATT is a legit company) or it may be an issue with the
> certificate.
>
> It doesn't give any warning for me, it just shows an exclamation next to
> the address and the latest chromium does the same (it shows a triangle)
> and it gives you more info: "The identity of this website has been
> verified by Verizon Akamai SureServer CA G14-SHA1 but does not have public
> audit records."
>
> If you're concerned about it contact AT&T and let them know.

I also don't see a (pop-up) warning on Firefox 31.5.0 and Chromium
41.0.2272.76, but both browsers complain about two things by means of
exclamation marks in their address bar:

1. Some components on the page (pictures) are not secure. It is common
practice to load pictures from a picture library on a different server to
where the main web page content is served, but they should secure all content
with the same keys to avoid confusion.

2. The lack of Audit records for the wildcard certificate the site is using.
This is a new security check and relates to certificate transparency, which
aims to protect us from rogue or compromised CAs:

http://www.certificate-transparency.org/what-is-ct

-- 
Regards,
Mick
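
For the first complaint in the message above (pictures on the page flagged as not secure), an added example that is not part of the original message or of any browser's code: a Python check that lists the subresources an HTTPS page requests over plain http://. The page URL, host names and HTML are constructed for illustration, and the passive/active split is this example's own grouping.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs fetched automatically while the page renders.
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}  # displayed only
ACTIVE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}  # can alter the page

class _SubresourceScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.base, attrs["href"])  # later URLs resolve against it
            return
        is_css = tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split()
        for name, value in attrs.items():
            if (tag, name) in PASSIVE:
                kind = "passive"
            elif (tag, name) in ACTIVE or (is_css and name == "href"):
                kind = "active"
            else:
                continue  # e.g. <a href>: a navigation target, not a subresource
            url = urljoin(self.base, (value or "").strip())
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each subresource an HTTPS page loads over http://."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on pages delivered over HTTPS
    scanner = _SubresourceScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; the hosts are placeholders, not AT&T's real markup.
PAGE_URL = "https://www.example.com/shop/"
SAMPLE_HTML = """<head><link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.net/lib.js"></script></head>
<body><img src="http://images.example.net/banner.jpg">
<img src="//images.example.net/logo.png">
<a href="http://www.example.org/">a link is not a subresource</a></body>"""

if __name__ == "__main__":
    for finding in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(*finding)
```

Protocol-relative URLs such as `//images.example.net/logo.png` inherit the page's https scheme and are not reported, while a `<base href="http://...">` turns every relative URL after it into a finding.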