Warning about certificate changes doesn't work in todays world
Posted Sep 29, 2013 6:33 UTC (Sun) by ras (subscriber, #33059)
In reply to: Warning about certificate changes doesn't work in todays world by ras
Parent article: Encouraging a wider view

> In that context, the obvious solution seems to be to trust the next certificate up in the hierarchy of trust, surely?

I had not thought about it that deeply - but now that you mention it - yes. When I installed it that is what I thought it would do. It is after all the signing cert that you are trusting. The rest are irrelevant.

That highlights another design flaw in the X509 PKI system I guess. A single signing bit was a mistake. Something that allowed the owner of foo.com to sign anything under foo.com (but nothing else) would be far more useful.

> I think it mainly requires a new feature: the ability to say "remember this certificate, but remember the older ones too". That'll help with sites that keep switching between certificates.

Funny. I thought it did that. Clearly I didn't think about it deeply enough, as it obviously doesn't.

> Does anyone know if certpatrol is still being developed?

It was updated regularly until October 14, 2011. Then nothing. So no. But it is open source, so the world would be a better place if someone picked up the ball. :D
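A sketch of the two behaviours discussed in this thread, added here as an illustration and not code from the comment above or from CertPatrol: a trust-on-first-use store that remembers every certificate it has seen for a host (so a site rotating between certificates does not warn on each switch), and that treats a new leaf as benign when it was signed by the same issuer certificate as one already seen. Hostnames, the `SeenCert` record and the byte strings standing in for DER certificates are constructed for the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class SeenCert:
    leaf_fp: str    # SHA-256 over the leaf certificate's DER bytes
    issuer_fp: str  # SHA-256 over the DER bytes of the cert that signed the leaf


class PinStore:
    """Trust-on-first-use store that keeps every certificate ever seen for a
    host rather than only the most recent one (constructed example)."""

    def __init__(self) -> None:
        self.seen: dict[str, list[SeenCert]] = {}

    def check(self, host: str, leaf_der: bytes, issuer_der: bytes) -> str:
        """Classify the certificate presented by `host`.

        Returns one of:
          "first-use"             nothing recorded yet; the leaf is remembered
          "known"                 the leaf matches any previously seen one
          "new-leaf-same-issuer"  unseen leaf, but signed by an issuer already
                                  seen for this host; remembered, no warning
          "warn"                  unseen leaf from an unseen issuer; not
                                  remembered until the user calls accept()
        """
        leaf_fp = hashlib.sha256(leaf_der).hexdigest()
        issuer_fp = hashlib.sha256(issuer_der).hexdigest()
        history = self.seen.setdefault(host, [])
        if not history:
            history.append(SeenCert(leaf_fp, issuer_fp))
            return "first-use"
        if any(c.leaf_fp == leaf_fp for c in history):
            return "known"
        if any(c.issuer_fp == issuer_fp for c in history):
            history.append(SeenCert(leaf_fp, issuer_fp))
            return "new-leaf-same-issuer"
        return "warn"

    def accept(self, host: str, leaf_der: bytes, issuer_der: bytes) -> None:
        """Record a certificate the user has chosen to trust after a warning."""
        leaf_fp = hashlib.sha256(leaf_der).hexdigest()
        issuer_fp = hashlib.sha256(issuer_der).hexdigest()
        self.seen.setdefault(host, []).append(SeenCert(leaf_fp, issuer_fp))
```

Note that the store still relies on the browser's normal chain validation to establish that `issuer_der` really did sign `leaf_der`; it only decides whether a validated change is worth a warning.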
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds