ietf
[Top] [All Lists]

Re: amsl.com certificate?

2008-02-20 19:24:48
The default setting in Firefox (and possibly safari) is to use OCSP for 
validation of certificates where OCSP is referenced. The *.ietf.org 
certificate has as part of the Authority Information Field the value; 
OCSP: URI: http://ocsp.starfieldtech.com

This url is unreachable from many non-US sites, for reasons known only 
to Godaddy I presume.

The pragmatic workaround in firefox is to set the option to not using 
OCSP for certificate validation.

Geoff







Alexa Morris wrote:
As soon as the SSL problem was reported, AMS performed additional testing on
many different computers. However, we were unable to duplicate this problem.
If someone else experiences this issue and is concerned, please send an
email ietf-action(_at_)ietf(_dot_)org(_dot_) Alternatively, please feel free 
to contact me
directly at any time.

Regards,
Alexa


-----------
Alexa Morris / Executive Director / IETF
48377 Fremont Blvd., Suite 117, Fremont, CA  94538
Phone: +1.510.492.4089 / Fax: +1.510.492.4001
Email: amorris(_at_)amsl(_dot_)com

Managed by Association Management Solutions (AMS)
Forum Management, Meeting and Event Planning
www.amsl.com <http://www.amsl.com/>


On 2/20/08 10:45 AM, "James Galvin" <galvin+ietf(_at_)elistx(_dot_)com> wrote:

AMS obtains certificates for their clients from Starfield
Technologies:

    <http://www.starfieldtech.com/>

Do you have a concern about this choice or is your concern about
the fact that your browser didn't accept the certificate by default?

If you have a concern about this choice it would help if you could
be specific about what that is.  Their web site seems pretty
complete to me so any one of us could "check them out."  I think we
need to trust AMS to make a good choice unless we can identify an
issue.

As far your browser not accepting the certificate, I'm sure you
realize there a lot of reasons that could happen including the
latest version of Safari "missing" a particular root certificate.

Jim





-- On Wednesday, February 20, 2008 6:04 PM +0100 Iljitsch van
Beijnum <iljitsch(_at_)muada(_dot_)com> wrote regarding amsl.com certificate?
--

I just registered for IETF-71 and tried to pay. I wasn't bothered
too   much when I got an SSL warning for the former, but I
hesitate to   proceed with the latter, which is also under the
amsl.com domain.

My browser (the latest version of Safari on the Mac) complains
that   the issuer of the certificate is untrusted. That would be
Starfield   Secure Certification Authority.

Is this a CA in good standing that we should trust?

Iljitsch
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf



_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>