severity 509419 important thanks Hi there,
am Mon, Dec 22, 2008 at 09:06:48AM +0100 hast du folgendes geschrieben: > It seems that ca-certificates isn't up-to-date anymore; yesterday, when > checking an online banking site[1][2], I stumbled upon a Firefox warning > about an unknown CA for the site's certificate (WTF...?). Same with > Konqueror, both on Debian Etch and Ubuntu Dapper Drake (6.06 LTS). > > This morning I got the chance to check with Firefox 3 and IE6 on Win XP and > also Opera 9.63 on Debian Etch, which all worked fine and showed the site > as "green". > > So it seems obvious that ca-certificates is outdated for the site's Verisign > CA certificate (the site's certificate has been renewed recently: > 15.12.2008). to my knowledge neither Firefox nor Konqueror use ca-certificates. I might be wrong on the latter though, but I think I saw discussions about generating input for Konqueror from ca-certificates only recently. KDE maints? Firefox certainly doesn't. The green bar is extended validation (snake oil) and only implemented in Firefox >= 3. So my guess is that the Extended Validation Root CA of Verisign is missing in Etch. It got into recent ca-certificates with the update from Mozilla's truststore. And as above it might affect other packages, too. It's hardly "grave", but I will update a newer ca-certifcates to volatile soonish. Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Release Assistant `. `' xmpp:p...@0x539.de Stable Release Manager `- finger pkern/k...@db.debian.org
signature.asc
Description: Digital signature
