[1286] in athena10
[Debathena] #123: debathena-ssl-certificates should include a CRL
daemon@ATHENA.MIT.EDU (Debathena Trac)
Thu Mar 5 14:10:01 2009
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: broder@mit.edu
Date: Thu, 05 Mar 2009 19:09:54 -0000
Reply-To:
Message-ID: <043.93458efb80decbe542eecc686a635db1@mit.edu>
Content-Transfer-Encoding: 8bit
#123: debathena-ssl-certificates should include a CRL-------------------+--------------------------------------------------------
Reporter: broder | Owner:
Type: defect | Status: new
Priority: minor | Keywords:
-------------------+-------------------------------------------------------- {{{
From: Jeffrey I. Schiller <jis@MIT.EDU>
To: Anders Kaseorg <andersk@MIT.EDU>
Cc: scripts-moira@MIT.EDU
Subject: Re: One of your Certificates is Compromised [help.mit.edu
#629346]
Date: Sun, 18 May 2008 17:15:39 -0400
Thanks. I didn't check to see if a new certificate had been issued. I
have published a CRL at http://ca.mit.edu/mitca.crl (I believe it can
be references via https as well, but it is a signed object so this
isn't necessary).
Of course if people don't import this CRL into their browser, it
doesn't do much good (though once imported into Firefox, it will be
automatically updated if the user sets it that way).
-Jeff
}}}
Unfortunately, ca-certificates-java apparently throws "some absurd error"
if you include a CRL in the pack of certificates, and it's not really
clear if including a CRL via update-ca-certificates is even meaningful.
We should find out if it is meaningful, and if it is, file a bug about ca-
certificates-java.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/123>Debathena <http://debathena.mit.edu/>MIT Debian-Athena Project
