Delete me
Wolfgang Spraul
wolfgang at openmoko.org
Sat Jul 11 12:50:53 CEST 2009
Robin,
> there's been discussion over this before, several people have
> pointed out it's a shoddy way to do things. apparently openmoko sign
> their own certificates (i think), so it's not recognised as coming
> from a certificate authority.
It's a long story, but definitely not a 'shoddy way'.
A long time ago, we decided to use the community-driven certificate
authority CAcert.org
Please read more about it at http://en.wikipedia.org/wiki/Cacert
This noble cause unfortunately brought some practical problems with it -
very few browsers natively acknowledge the CAcert root certificate,
until today.
Why couldn't we just have paid the 30 USD or whatever it takes to get
'regular' SSL certificate from cheap shops such as GoDaddy etc? Of
course we could, but we had made so many choices against convenience and
in favor of doing 'the right thing', that adding this one more seemed
natural to the people that were doing the work back then.
Fast forward to today, please understand that pretty much everybody in
the Openmoko community is now a volunteer. So even though the CAcert
idea might have been a noble cause, today the complications it brings
are aggravated by certificates that have expired, etc.
Maybe we can improve the certificates one day, maybe enable
personalization for the mailing lists so that one-click unsubscribe
footers are possible, etc.
The people that are maintaining the servers in their free time deserve
our support.
Cheers everybody!
Wolfgang
Robin Paulson wrote:
> 2009/7/11 Andreas Jonasson <andreas-jonasson at telia.com>:
>
>> I actually did click that link before I sent my initial email to you but got
>> an error message saying that there is a problem with the security
>> certificate of this site. It is recommended that I do not proceed to visit
>> this site. I don't understand the risk with ignoring such messages. Sorry
>> for the trouble.
>>
>
> yeah, there's been discussion over this before, several people have
> pointed out it's a shoddy way to do things. apparently openmoko sign
> their own certificates (i think), so it's not recognised as coming
> from a certificate authority. there's three things you can do:
>
> 1. change the 'https' at the start of the address to 'http'
> 2. manually accept the certificate
> 3. tell openmoko this is a bad way to do things, and to either get
> certificates which aren't signed by them, or not use an https address
> for something as trivial as unsubscribing from an email list. it
> scares and confuses people to 'Add Security Exceptions'
>
> _______________________________________________
> support mailing list
> support at lists.openmoko.org
> https://lists.openmoko.org/mailman/listinfo/support
>
More information about the support
mailing list