Re: [ccp4bb] ccp4 website not secure

2017-10-12 Thread Ville Uski 
Dear all

yes, the cert should be valid, but let me know if some of you continue
having problems with it. I had an error last week on Android, complaining
about unknown certificate authority, but this error went away for some
reason, possibly thanks to a system update.

As Michael said, https is only enforced on ccp4online so that the user
credentials not be passed unencrypted. On www.ccp4.ac.uk it's
optional.

best wishes
Ville

On Thu, Oct 12, 2017 at 12:10:07AM +0200, Tim Gruene wrote:
> Dear Markus, dear Michael,
> 
> the certificate from ccp4 appears to be signed by QuoVadis Ltd. 
> If I understand correctly, this is a trusted company, as of Firefox Version 
> 32, according to the information at https://wiki.mozilla.org/CA/
> Included_Certificates
> 
> Maybe you need to UPdate, not DOWNdate your browser?
> 
> Regards,
> Tim
> 
> On Wednesday, October 11, 2017 12:50:13 PM CEST R. Michael Garavito wrote:
> > Markus,
> > 
> > I had that problem for a short while with slightly older versions of
> > Firefox, but more recently (v54 - v56) it has not impacted any of the CCP4
> > sites.  Whether it is a Firefox correction, I don’t know, but it is fine
> > for me.  Note that CCP4online is https://www.ccp4.ac.uk/ccp4online/
> > , which requires logins, but ccp4 is
> > http://www.ccp4.ac.uk/  still.  I had it mostly
> > when connecting from home.
> > 
> > Michael

Re: [ccp4bb] ccp4 website not secure

2017-10-11 Thread Tim Gruene 
Dear Markus, dear Michael,

the certificate from ccp4 appears to be signed by QuoVadis Ltd. 
If I understand correctly, this is a trusted company, as of Firefox Version 
32, according to the information at https://wiki.mozilla.org/CA/
Included_Certificates

Maybe you need to UPdate, not DOWNdate your browser?

Regards,
Tim

On Wednesday, October 11, 2017 12:50:13 PM CEST R. Michael Garavito wrote:
> Markus,
> 
> I had that problem for a short while with slightly older versions of
> Firefox, but more recently (v54 - v56) it has not impacted any of the CCP4
> sites.  Whether it is a Firefox correction, I don’t know, but it is fine
> for me.  Note that CCP4online is https://www.ccp4.ac.uk/ccp4online/
> , which requires logins, but ccp4 is
> http://www.ccp4.ac.uk/  still.  I had it mostly
> when connecting from home.
> 
> Michael
> 
> 
> R. Michael Garavito, Ph.D.
> Professor of Biochemistry & Molecular Biology
> 603 Wilson Rd., Rm. 513
> Michigan State University
> East Lansing, MI 48824-1319
> Office:  (517) 355-9724 Lab:  (517) 353-9125
> FAX:  (517) 353-9334Email:  rmgarav...@gmail.com
> 
> 
> > On Oct 11, 2017, at 12:34 PM, Edward A. Berry  wrote:
> > 
> > Is it because of this? Its been coming for a while now:
> > https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
> > 
> > I see no reason why a website, dedicated to providing information
> > available to everyone, should be required to use https.
> > The web is too focused on e-commerce, where security is more important.
> > 
> > I hope firefox can be configured to allow insecure http, perhaps with a
> > warning. Otherwise downgrade to previous version (FF 47 connects fine).
> > Just be sure when visiting ccp4.ac.uk, don't enter personal info
> > like your tax-payer ID or credit card number. If you need to login
> > to modify the wiki or your subscription details, use another password for
> > the bank.
> > 
> > eab
> > 
> > On 10/11/2017 05:15 AM, Markus Heckmann wrote:
> >> If anyone from CCP4 website has noticed that...
> >> Your connection is not secure
> >> 
> >> 
> >> The owner of www.ccp4.ac.uk has configured their web site improperly.
> >> To protect your information from being stolen, Firefox has not
> >> connected to this web site.
> >> 
> >> 
> >> (https warning message)
> >> https://www.ccp4.ac.uk/ccp4online/

-- 
--
Paul Scherrer Institut
Tim Gruene
- persoenlich -
OFLC/104
CH-5232 Villigen PSI
phone: +41 (0)56 310 5297

GPG Key ID = A46BEE1A


signature.asc
Description: This is a digitally signed message part.

Re: [ccp4bb] ccp4 website not secure

2017-10-11 Thread Edward A. Berry 

OK, on second thought it might not be a good idea to downgrade the browser:

On 10/11/2017 12:49 PM, Guillaume Gaullier wrote:

Hello Edward,

This website has some justification for using HTTPS everywhere: 
https://https.cio.gov/everything

Downgrading a web browser is probably the worst advice you can possibly give to 
someone.
You might be interested in this Q thread explaining why: 
https://security.stackexchange.com/questions/67596/why-is-it-a-security-problem-not-to-update-ones-browser

I hope you will consider amending your last message, to prevent people 
subscribed to ccp4bb from exposing themselves with out of date browsers.

With best wishes,

Guillaume



On Oct 11, 2017, at 10:34, Edward A. Berry  wrote:

Is it because of this? Its been coming for a while now:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

I see no reason why a website, dedicated to providing information
available to everyone, should be required to use https.
The web is too focused on e-commerce, where security is more important.

I hope firefox can be configured to allow insecure http, perhaps with a warning.
Otherwise downgrade to previous version (FF 47 connects fine).
Just be sure when visiting ccp4.ac.uk, don't enter personal info
like your tax-payer ID or credit card number. If you need to login
to modify the wiki or your subscription details, use another password for
the bank.

eab

On 10/11/2017 05:15 AM, Markus Heckmann wrote:

If anyone from CCP4 website has noticed that...
Your connection is not secure


The owner of www.ccp4.ac.uk has configured their web site improperly.
To protect your information from being stolen, Firefox has not
connected to this web site.


(https warning message)
https://www.ccp4.ac.uk/ccp4online/

Re: [ccp4bb] ccp4 website not secure

2017-10-11 Thread R. Michael Garavito 
Markus,

I had that problem for a short while with slightly older versions of Firefox, 
but more recently (v54 - v56) it has not impacted any of the CCP4 sites.  
Whether it is a Firefox correction, I don’t know, but it is fine for me.  Note 
that CCP4online is https://www.ccp4.ac.uk/ccp4online/ 
, which requires logins, but ccp4 is 
http://www.ccp4.ac.uk/  still.  I had it mostly when 
connecting from home.

Michael


R. Michael Garavito, Ph.D.
Professor of Biochemistry & Molecular Biology
603 Wilson Rd., Rm. 513   
Michigan State University  
East Lansing, MI 48824-1319
Office:  (517) 355-9724 Lab:  (517) 353-9125
FAX:  (517) 353-9334Email:  rmgarav...@gmail.com






> On Oct 11, 2017, at 12:34 PM, Edward A. Berry  wrote:
> 
> Is it because of this? Its been coming for a while now:
> https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
> 
> I see no reason why a website, dedicated to providing information
> available to everyone, should be required to use https.
> The web is too focused on e-commerce, where security is more important.
> 
> I hope firefox can be configured to allow insecure http, perhaps with a 
> warning.
> Otherwise downgrade to previous version (FF 47 connects fine).
> Just be sure when visiting ccp4.ac.uk, don't enter personal info
> like your tax-payer ID or credit card number. If you need to login
> to modify the wiki or your subscription details, use another password for
> the bank.
> 
> eab
> 
> On 10/11/2017 05:15 AM, Markus Heckmann wrote:
>> If anyone from CCP4 website has noticed that...
>> Your connection is not secure
>> 
>> 
>> The owner of www.ccp4.ac.uk has configured their web site improperly.
>> To protect your information from being stolen, Firefox has not
>> connected to this web site.
>> 
>> 
>> (https warning message)
>> https://www.ccp4.ac.uk/ccp4online/
>>

Re: [ccp4bb] ccp4 website not secure

2017-10-11 Thread Darren Hart 
Set up a certificate via letsencrypt and move to https? It is quick, 
easy and free.


https://letsencrypt.org/

Darren



On 11/10/17 18:34, Edward A. Berry wrote:

Is it because of this? Its been coming for a while now:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

I see no reason why a website, dedicated to providing information
available to everyone, should be required to use https.
The web is too focused on e-commerce, where security is more important.

I hope firefox can be configured to allow insecure http, perhaps with 
a warning.

Otherwise downgrade to previous version (FF 47 connects fine).
Just be sure when visiting ccp4.ac.uk, don't enter personal info
like your tax-payer ID or credit card number. If you need to login
to modify the wiki or your subscription details, use another password for
the bank.

eab

On 10/11/2017 05:15 AM, Markus Heckmann wrote:

If anyone from CCP4 website has noticed that...
Your connection is not secure


The owner of www.ccp4.ac.uk has configured their web site improperly.
To protect your information from being stolen, Firefox has not
connected to this web site.


(https warning message)
https://www.ccp4.ac.uk/ccp4online/





--

**

Dr. Darren J. Hart,

CNRS Research Director, Institut de Biologie Structurale (IBS)
Unité Mixte de Recherche UMR5075 (CEA-CNRS-UGA)


Director, Integrated Structural Biology Grenoble (ISBG)
Unité Mixte de Service UMS3518 (CNRS-CEA-UGA-EMBL)

**

Email: darren.h...@ibs.fr
Tel: +33 4 57 42 85 86

Physical address: IBS/ISBG, 71 avenue des Martyrs, 38000 Grenoble, France

Postal address: IBS/ISBG, 71 avenue des Martyrs, CS 20192, 38042 
Grenoble, Cedex 9, France


**




smime.p7s
Description: S/MIME Cryptographic Signature

Re: [ccp4bb] ccp4 website not secure

2017-10-11 Thread Edward A. Berry 

Is it because of this? Its been coming for a while now:
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

I see no reason why a website, dedicated to providing information
available to everyone, should be required to use https.
The web is too focused on e-commerce, where security is more important.

I hope firefox can be configured to allow insecure http, perhaps with a warning.
Otherwise downgrade to previous version (FF 47 connects fine).
Just be sure when visiting ccp4.ac.uk, don't enter personal info
like your tax-payer ID or credit card number. If you need to login
to modify the wiki or your subscription details, use another password for
the bank.

eab

On 10/11/2017 05:15 AM, Markus Heckmann wrote:

If anyone from CCP4 website has noticed that...
Your connection is not secure


The owner of www.ccp4.ac.uk has configured their web site improperly.
To protect your information from being stolen, Firefox has not
connected to this web site.


(https warning message)
https://www.ccp4.ac.uk/ccp4online/

[ccp4bb] ccp4 website not secure

2017-10-11 Thread Markus Heckmann 
If anyone from CCP4 website has noticed that...
Your connection is not secure


The owner of www.ccp4.ac.uk has configured their web site improperly.
To protect your information from being stolen, Firefox has not
connected to this web site.


(https warning message)
https://www.ccp4.ac.uk/ccp4online/