[20942] in Athena Bugs
Re: Mozilla certs (again)
daemon@ATHENA.MIT.EDU (John Hawkinson)
Mon Oct 21 13:24:38 2002
Date: Mon, 21 Oct 2002 13:24:35 -0400
From: John Hawkinson <jhawk@MIT.EDU>
To: "t. belton" <tbelton@MIT.EDU>
Cc: Chris Toepel <ctoepel@MIT.EDU>, bug-infoagents@MIT.EDU
Message-ID: <20021021172435.GE6227@multics.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.33L.0210211235290.17610-100000@iphigenia.mit.edu>
[ moved to bug-infoagents for discussion ]
t. belton <tbelton@MIT.EDU> wrote on Mon, 21 Oct 2002
at 12:54:24 -0400 in <Pine.GSO.4.33L.0210211235290.17610-100000@iphigenia.mit.edu>:
> Second, I would remove the word "random." It's not random, the problem is
> that it's too messy to describe in a stock answer.
>
> The imported 4.x certificates are unusable when imported. Furthermore,
> their presence will almost certainly interfere with the proper use of
> Mozilla-obtained certs if they're allowed to stay. They really shouldn't
> be converted at all, they are nothing but trouble. The problem is that for
> timing reasons we can't stop Mozilla from importing them on first run, if
> they're present.
Umm, Todd, you keep saying this, but it's not true.
Certificates for netscape often work fine in Mozilla.
They have done so for me, and for other people.
I can't speak to why they fail in some cases, but it's certainly
not an overwhelming majority (maybe it's 50/50? I have very
limitted data...).
I should point out, though, that if you really thought it failed
every time, a stock answer is _totally_ the wrong tool for disseminatinog
the information. Instead, it would much better for the wrapper script
that starts mozilla to make sure that this happens the first time you
run it (there are many ways this could happen, many of them ugly,
but it's really neither here-nor-there), or at least announce a message,
"HEY! Your certificates are broken now!"
I think the only reason you didn't get lots of people clarmoring for that is
because it doesn't happen that freqeuently (i.e. for every user)...
--jhawk
