Re: self-signed certificates (was Re: I'd like to get rid of pulseaudio but ...)
On Sun, May 31, 2009 at 13:08:08 -0700, "Wolfgang S. Rupprecht" wrote: > > As for the man-in-the-middle attack, I'd imagine the biggest usage case > is an eavesdropped-in-the-middle and not someone that was able to break > the data stream and insert themselves. Having an encrypted channel with > a slightly nebulous endpoint is still better than having an unencrypted > channel. For average Joes, the most common problem is going to be that their machine is compromized. Extra security of https over http for them is barely a blip. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: self-signed certificates (was Re: I'd like to get rid of pulseaudio but ...)
Once upon a time, Wolfgang S. Rupprecht said: > It is a shame that there isn't a simple documented way to add other CA's > to Firefox's approved list or some system global way to add CA's for all > programs looking for pki certs. For Firefox, you just have to publish the cert in DER format (with the MIME type application/x-x509-ca-cert). If you click on such a link, Firefox will ask you if you wish to trust the cert (and what classes of things you trust it for). -- Chris Adams Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
