On 20 feb 2008, at 19:45, James Galvin wrote:
AMS obtains certificates for their clients from Starfield
Technologies:
<http://www.starfieldtech.com/>
Do you have a concern about this choice or is your concern about
the fact that your browser didn't accept the certificate by default?
The latter.
As far your browser not accepting the certificate, I'm sure you
realize there a lot of reasons that could happen including the
latest version of Safari "missing" a particular root certificate.
Right. Not sure what it was in this case, because when I tried it just
now from home, first with Firefox and then again with Safari, there
were no problems.
I would have been surprised if AMSL had used a CA that isn't widely
accepted by default, because that requires people to install a new
root certificate, which is a somewhat big deal: you wouldn't want to
install a "bad" root certificate so this involves a fair amount of
checking.
On 21 feb 2008, at 0:15, Mark Andrews wrote:
It's not just Safari, it's also Firefox.
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.11) Gecko/
20080126 Firefox/2.0.0.11
Note: Firefox has a root cert from them. Just not the one
that signed this cert.
What I'm seeing right now is a certificate from AMSL with SHA-1
fingerprint
9F B6 01 FE 68 40 BB F6 6F 55 06 28 7C 42 15 01 38 0A CA 66
signed by a Starfield certificate with SHA-1 fp
7E 18 74 A9 8F AA 5D 6D 2F 50 6A 89 20 FF 22 FB D1 66 52 D9
and then one with SHA-1 fp
36 3E 47 34 F7 57 BD EB 89 86 8E FE 94 90 77 74 A3 27 69 5E
which is signed by Valicert with SHA-1 fp
31 7A 2A D0 7F 2B 33 5E F5 A1 C3 4E 4B 57 E8 B7 D8 F1 FC A6
Iljitsch
_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf