[20958] in Athena Bugs
Re: Proposed Stock Answer, topic WEB (Mozilla)
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Tue Oct 22 18:22:46 2002
Mime-Version: 1.0
Message-Id: <p05010409b9db7f802f86@[18.152.1.192]>
In-Reply-To: <200210222218.SAA14714@red-herring.mit.edu>
Date: Tue, 22 Oct 2002 18:23:32 -0400
To: Camilla R Fox <cfox@mit.edu>
From: Jonathan Reed <jdreed@MIT.EDU>
Cc: Chris Toepel <ctoepel@mit.edu>, olc-stock@mit.edu, tbelton@mit.edu,
bug-infoagents@mit.edu, jhawk@mit.edu
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
My objection was that the method to get new certificates (from
scratch, after you've justed nuked your cert*.db and key*.db files)
should be:
http://web.mit.edu/is/help/cert/
and NOT
http://ca.mit.edu
The reason behind this is that the former link reminds you to go get
the MIT CA certificate first, whereas the latter does not. Getting
the MIT CA certificate is useful, as you won't have to explicitly
accept the server certificate for each machine you connect to. You
need to do that if you haven't accepted the MIT CA certificate.
-Jon
At 6:18 PM -0400 on 10/22/02, Camilla R Fox wrote:
> > I hate this, since going to http://web.mit.edu/is/help/cert/ will
>> tell them to go get the MIT CA certificate first, and then they won't
>> have to click "accept until this certificate expires" for every
>> SSL-protected server they go to.
>
>In the interest of not duplicating information, it seems like that should
>be feedback to the maintainers of http://web.mit.edu/is/help/cert/,
>not contradicted elsewhere.
>
>There's a comment form link there; I'm not sure who it goes to, and I'm
>not sure I understand the actual content of your objection.
--
-------------------
Jonathan Reed
jdreed@mit.edu
-------------------
