From: Mark Knecht <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] This Connection is Untrusted: WAS: Firefox-10.0.1 fails to compile on x86
Date: Thu, 23 Feb 2012 17:14:49 -0800 [thread overview]
Message-ID: <CAK2H+edV-43wBN8qo9dwnfy-7Omx4s+_00LOUjAwVRee1KmnbA@mail.gmail.com> (raw)
In-Reply-To: <CAEH5T2MaNW77oG1yVALW5ngzZZBNbySaFsfoAu821iczEqmW-w@mail.gmail.com>
On Thu, Feb 23, 2012 at 3:28 PM, Paul Hartman
<paul.hartman+gentoo@gmail.com> wrote:
> On Thu, Feb 23, 2012 at 4:59 PM, Mark Knecht <markknecht@gmail.com> wrote:
>> What is it about my systems wherein every one of these https links
>> case my systems to barf with a "This Connection is Untrusted" message.
>> If I remove the 's' then things work fine.
>
> https encompasses two basic functions: encryption and trust.
>
> In this case the hostname in the SSL certificate installed on that
> server does not match the hostname in the URL, so it does not trust
> it. If they matched, it would then check to see if it was expired. If
> it was not expired, it would then check to see if it was signed by a
> CA that you trust (browsers come with a set of trusted CAs already).
> If it was self-signed or signed by an untrusted CA (like DigiNotar...)
> you'd get a warning as well.
>
> If literally every https link is untrusted, maybe you have an issue
> with the installation of certificates on your system, or have chosen
> not to trust any CAs.
>
> Commercial websites, banks, stores, etc. should always have valid and
> trusted certificates. In OSS world, most people don't have the need or
> money to pay for a certificate when all they're really interested in
> is encrypting the connection. There are also servers that are
> listening for https connections but aren't advertised as such... the
> mozilla website is probably one of those. Using plug-ins like
> HTTPS-everywhere will try to use https even on sites that don't use it
> by default.
>
> In all of those cases above, if you allowed the connection it would
> still be SSL encrypted. You'd be protected against packet sniffers but
> not against man-in-the-middle attack. By switching to http your
> session occurs in plain-text and is vulnerable to both attacks.
>
OK, clearly I'm overstating the problem then. I haven't ever had any
problems logging into password protected, little closed lock in the
bottom corner web sites so that's not a problem. The real problem I've
noticed the most is just with these links that arrive as https:// type
links and Firefox asking me to specifically accept these certificates
which I don't really want to do.
And I've not had any problems I've noticed by just removing the 's'
and using the site like a regular site.
So, I guess there really isn't any problem with my system.
I appreciate the info folks. As always, thanks!
Cheers,
Mark
next prev parent reply other threads:[~2012-02-24 1:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-23 22:59 [gentoo-user] This Connection is Untrusted: WAS: Firefox-10.0.1 fails to compile on x86 Mark Knecht
2012-02-23 23:11 ` [gentoo-user] " Nikos Chantziaras
2012-02-23 23:28 ` [gentoo-user] " Paul Hartman
2012-02-24 1:14 ` Mark Knecht [this message]
2012-02-24 3:01 ` Adam Carter
2012-02-24 7:45 ` Florian Philipp
2012-02-24 16:43 ` Michael Orlitzky
2012-02-24 17:33 ` Paul Hartman
2012-02-27 18:43 ` Florian Philipp
2012-02-27 19:32 ` Michael Orlitzky
2012-02-23 23:33 ` Willie WY Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAK2H+edV-43wBN8qo9dwnfy-7Omx4s+_00LOUjAwVRee1KmnbA@mail.gmail.com \
--to=markknecht@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox