Re: [gentoo-user] broken seamonkey :(

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

From: lee <lee@yagibdah.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] broken seamonkey :(
Date: Sat, 05 Sep 2015 15:06:27 +0200	[thread overview]
Message-ID: <87613pkobw.fsf@heimdali.yagibdah.de> (raw)
In-Reply-To: <BLU436-SMTP2096FDFD57D20D6FDAA316F8D560@phx.gbl> (Fernando Rodriguez's message of "Fri, 4 Sep 2015 21:08:47 -0400")

Fernando Rodriguez <frodriguez.developer@outlook.com> writes:

> On Saturday, September 05, 2015 1:05:06 AM lee wrote:
>> In this case, I happen to have full physical access to the server and
>> thus to the certificate stored on it.  This is not the case for, let's
>> say, an employee checking his work-email from home whom I might give the
>> login-data on the phone and instruct to add an exception when the dialog
>> to do so pops up when they are trying to connect.
>
> As a workaround you can create your own CA cert. I tested with a windows self-
> signed cert (I guess the correct term is self-issued) and the openssl command 
> will show two certs. The second is the CA.
>
> http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

They're saying:

"Whatever you see in the address field in your browser when you go to
your device must be what you put under common name, even if it’s an IP
address.  [...]  If it doesn’t match, even a properly signed certificate
will not validate correctly and you’ll get the “cannot verify
authenticity” error."

What's the solution for a server which can be reached by different fqdns
and IPs?  What if the fqdns and IPs it can be reached by change over the
lifetime of the certificates?

How do I deploy some sort of central infrastructure all clients on the
LAN and anywhere on the world will automatically use to do the simple
thing of adding an exception (or whatever is required for that) so that
seamonkey and relatives can be used to access email?

That's letting aside that it's ridiculous to deploy such an
infrastructure when the same thing could be achieved by the user
clicking a button once to add an exception, as it used to be.

Seriously?  The result is currently a version freeze; the alternative is
using unencrypted connections.  After some time, the version freeze
cannot be kept up.  Since there are no alternative MUAs, we can only go
back to unencrypted connections when that happens.  And that's something
I don't even want to do on the LAN.

Well, I've made a bug report about this: https://bugzilla.mozilla.org/show_bug.cgi?id=1202128

-- 
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us.  Finally, this fear has become reasonable.

next prev parent reply	other threads:[~2015-09-05 13:07 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-03 19:53 [gentoo-user] broken seamonkey :( lee
2015-09-03 20:10 ` Fernando Rodriguez
2015-09-03 23:39   ` lee
2015-09-04  0:08     ` Fernando Rodriguez
2015-09-04  1:23     ` Dale
2015-09-04  7:54     ` Peter Weilbacher
2015-09-04 10:43       ` Mick
2015-09-04 19:50         ` lee
2015-09-04 20:25           ` Fernando Rodriguez
2015-09-04 23:05             ` lee
2015-09-05  0:43               ` Fernando Rodriguez
2015-09-05 12:06                 ` lee
2015-09-05  1:08               ` Fernando Rodriguez
2015-09-05 10:14                 ` Mick
2015-09-05 16:22                   ` lee
2015-09-05 17:16                     ` Mick
2015-09-06 14:29                       ` lee
2015-09-06 18:35                         ` Mick
2015-09-12 11:54                           ` lee
2015-09-06 19:17                         ` Fernando Rodriguez
2015-09-13 14:23                           ` lee
2015-09-05 13:06                 ` lee [this message]
2015-09-05 17:09                   ` Mick
2015-09-05 21:40                     ` Fernando Rodriguez
2015-09-05 22:24                       ` Mick
2015-09-06 13:18                         ` lee
2015-09-06 13:03                       ` lee
2015-09-06 18:44                         ` Fernando Rodriguez
2015-09-06  2:45                     ` lee
2015-09-06 18:12                       ` Mick
2015-09-12 11:20                         ` lee
2015-09-12 11:23                   ` [gentoo-user] SOLVED: " lee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87613pkobw.fsf@heimdali.yagibdah.de \
    --to=lee@yagibdah.de \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox