[20943] in Athena Bugs
Re: Mozilla certs (again)
daemon@ATHENA.MIT.EDU (t. belton)
Mon Oct 21 13:33:09 2002
Date: Mon, 21 Oct 2002 13:33:07 -0400 (EDT)
From: "t. belton" <tbelton@MIT.EDU>
To: John Hawkinson <jhawk@MIT.EDU>
cc: Chris Toepel <ctoepel@MIT.EDU>, <bug-infoagents@MIT.EDU>
In-Reply-To: <20021021172435.GE6227@multics.mit.edu>
Message-ID: <Pine.GSO.4.33L.0210211325300.17610-100000@iphigenia.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 21 Oct 2002, John Hawkinson wrote:
> Umm, Todd, you keep saying this, but it's not true.
>
> Certificates for netscape often work fine in Mozilla.
> They have done so for me, and for other people.
>
> I can't speak to why they fail in some cases, but it's certainly
> not an overwhelming majority (maybe it's 50/50? I have very
> limitted data...).
So do I. And I agree that I may have some sample skew, since I only hear
from people where it isn't working! But ....
> I should point out, though, that if you really thought it failed
> every time, a stock answer is _totally_ the wrong tool for disseminatinog
> the information. Instead, it would much better for the wrapper script
> that starts mozilla to make sure that this happens the first time you
> run it (there are many ways this could happen, many of them ugly,
> but it's really neither here-nor-there), or at least announce a message,
> "HEY! Your certificates are broken now!"
At the time, I didn't know if the converted certs were enough of a problem
to justify having the script do the deletion automatically. I'm still not
sure.
The thing is, there are several levels of paranoia here - think of it as a
national alert system :)
Code Red: Happens so often that it's worth nuking the 4.x certs
automatically in the wrapper, therefore forcing people to get fresh certs
when they install Mozilla, no choice about it.
Code Orange: Happens often enough that I want to try to convince the user
that they might be better off just getting fresh certs before they even
have a chance to go astray.
Code Yellow: Happens just enough that we need to make a solution
available, but most users don't need to be warned about it, it'll just
confuse the issue.
I'm currently thinking somewhere around code orange.
