Re: DYMO Root CA installed by Label Printing Software

2018-07-26 Thread mkatich--- via dev-security-policy
I came across this from the OP's article posted on GitHub, apologies for posting so much later than the original discussion. I just wanted to throw in my 2 cents, real use case. A webapp I develop(ed) for my company has been using DYMO's developer setup and the web service that's installed with

Re: DYMO Root CA installed by Label Printing Software

2018-01-11 Thread Nicholas Humfrey via dev-security-policy
Thank you very much to everyone who replied to my original post. I think the fact that so many people are making the same mistakes indicates that the correct solutions are not obvious to many developers. I have added a "How could this be done better?" section to my README:

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Ryan Sleevi writes:
>I similarly suspect you’re unaware of https://wicg.github.io/cors-rfc1918/ in
>which browsers seek to limit or restrict communication to such devices?

A... blog post? Not sure what that is, it's labelled "A Collection of Interesting Ideas", stashed on

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 10, 2018 at 3:33 AM Peter Gutmann wrote:
> Ryan Sleevi writes:
>
> >I hope you can see how I responded to precisely the problem provided.
>
> You responded to that one specific limited instance.

I responded to the topic of this thread,

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Ryan Sleevi writes:
>I hope you can see how I responded to precisely the problem provided.

You responded to that one specific limited instance. That doesn't work for anything else where you've got a service that you want to make available over HTTPS. Native messaging is a

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 10, 2018 at 12:42 AM Peter Gutmann wrote:
> Ryan Sleevi writes:
>
> >Of course, if that doesn’t tickle your fancy, there are other ways that
> are
> >supported that you may not have heard about - for example:
> >
> >

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Jonathan Rudenberg via dev-security-policy
> On Jan 9, 2018, at 19:31, Peter Gutmann via dev-security-policy
> wrote:
>
> Jonathan Rudenberg writes:
>
>> For communicating with other machines, the correct thing to do is to issue a
>> unique certificate for each device from

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Jonathan Rudenberg writes:
>For communicating with other machines, the correct thing to do is to issue a
>unique certificate for each device from a publicly trusted CA. The way Plex
>does this is a good example:

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Jonathan Rudenberg via dev-security-policy
> On Jan 9, 2018, at 18:42, Peter Gutmann via dev-security-policy
> wrote:
>
> Ryan Sleevi writes:
>
>> Of course, if that doesn’t tickle your fancy, there are other ways that are
>> supported that you may not have heard about - for

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Ryan Sleevi writes:
>Of course, if that doesn’t tickle your fancy, there are other ways that are
>supported that you may not have heard about - for example:
>https://docs.microsoft.com/en-us/microsoft-edge/extensions/guides/native-messaging
>

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Ryan Sleevi via dev-security-policy
On Wed, Jan 10, 2018 at 12:08 AM Peter Gutmann wrote:
> Ryan Sleevi writes:
>
> >Or is your viewpoint that because this happened in the past, one should
> >assume that it will forever happen, no matter how much the ecosystem
> changes -
> >including

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Ryan Sleevi writes:
>Or is your viewpoint that because this happened in the past, one should
>assume that it will forever happen, no matter how much the ecosystem changes -
>including explicitly prohibiting it for years?

Pretty much. See the followup message, which shows it

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Ryan Sleevi via dev-security-policy
On Tue, Jan 9, 2018 at 11:12 PM Peter Gutmann wrote:
> Ryan Sleevi writes:
>
> >First, there are non-commercial CAs that are trusted.
>
> By "commercial CAs" I meant external business entities, not an in-house CA
> that the key or cert owner controls.

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Ryan Sleevi writes:
>First, there are non-commercial CAs that are trusted.

By "commercial CAs" I meant external business entities, not an in-house CA that the key or cert owner controls. Doesn't matter if they charge money or not, you still need to go to an external

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Ryan Sleevi via dev-security-policy
On Tue, Jan 9, 2018 at 4:40 PM, Peter Gutmann via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Nicholas Humfrey via dev-security-policy mozilla.org> writes:
>
> >What is the correct way for them to achieve what they are trying to do?
>
> I'm

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Hanno Böck via dev-security-policy
Hi,

On Tue, 09 Jan 2018 21:04:34 + Nicholas Humfrey via dev-security-policy wrote:
> What is the correct way for them to achieve what they are trying to
> do?
>
> Would it be better to use a self-signed localhost certificate (same
> subject and
>

Re: DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Peter Gutmann via dev-security-policy
Nicholas Humfrey via dev-security-policy writes:
>What is the correct way for them to achieve what they are trying to do?

I'm not sure if there is a correct way, just a least awful way. The problem is that the browser vendors have decreed that you can

DYMO Root CA installed by Label Printing Software

2018-01-09 Thread Nicholas Humfrey via dev-security-policy
Hello, Apologies if this is off-topic but I am not sure where else to query this. While going through the list of Root Certificate Authorities on my computer, I was alarmed to discover one I wasn't expecting there, called "DYMO Root CA (for localhost)". This certificate was installed by the