Date: Fri, 24 Feb 2012 14:01:01 +1100
Subject: Re: [gentoo-user] This Connection is Untrusted: WAS: Firefox-10.0.1 fails to compile on x86
From: Adam Carter
To: gentoo-user@lists.gentoo.org

>> In all of those cases above, if you allowed the connection it would
>> still be SSL encrypted. You'd be protected against packet sniffers but
>> not against man-in-the-middle attack.

And the reason someone will man-in-the-middle you is so they can
sniff your traffic and get passwords or other sensitive information.
This is done by terminating the SSL session from you, and then
creating a new SSL session to the real server.

>> By switching to http your
>> session occurs in plain-text and is vulnerable to both attacks.
>>
>
> OK, clearly I'm overstating the problem then. I haven't ever had any
> problems logging into password protected, little closed lock in the
> bottom corner web sites so that's not a problem. The real problem I've
> noticed the most is just with these links that arrive as https:// type
> links and Firefox asking me to specifically accept these certificates
> which I don't really want to do.

Is the problem that accepting the certificate is inconvenient?

> And I've not had any problems I've noticed by just removing the 's'
> and using the site like a regular site.

That's ok if you understand that you're turning off the security
features, so it will be possible for an attacker to see your traffic.

> So, I guess there really isn't any problem with my system.

Correct - the problem is that the server that you're connecting to is
presenting an untrusted certificate. That could be because it's a
server that's impersonating the server you really want to connect to,
or the server's administrator is not doing their job.
In rare cases it could also be that the certificate has been revoked
or the CA is no longer trusted by your web browser (e.g. the DigiNotar
mentioned earlier).
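
The distinction drawn in the reply above, as an added example that is not part of the original message: a certificate can carry the right site name and still be untrusted, because it does not chain to a CA in the client's trust store. The CA, the host name `www.example.test` and all file names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file here is made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_demo_pki() {
    # A CA the client trusts (stands in for the browser's root store).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Trusted CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # The real server: key and CSR, then a certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$WORK/real.key" -out "$WORK/real.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/real.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/real.pem" 2>/dev/null
    # A certificate with the same name that the trusted CA never signed
    # (what an impersonating or misconfigured server would present).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# Prints "trusted" if the certificate chains to the demo CA, else "untrusted".
# The output is matched instead of the exit status, which old releases
# did not set reliably on failure.
check_cert() {
    if openssl verify -CAfile "$WORK/ca.pem" "$1" 2>/dev/null | grep -q ': OK$'
    then echo trusted
    else echo untrusted
    fi
}

# Succeeds when both certificates claim the same subject name.
same_subject() {
    [ "$(openssl x509 -noout -subject -in "$1")" = \
      "$(openssl x509 -noout -subject -in "$2")" ]
}

make_demo_pki
same_subject "$WORK/real.pem" "$WORK/other.pem" && echo "both claim the same name"
echo "CA-signed certificate:   $(check_cert "$WORK/real.pem")"
echo "self-signed look-alike:  $(check_cert "$WORK/other.pem")"
```

The browser warning corresponds to the second result: the name matches, but nothing the client already trusts vouches for the key behind it.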