Re: someone else complaining about "Mozilla SSL policy"

Mon, 03 Nov 2008 13:25:23 -0800 

On 11/03/2008 08:46 PM, [EMAIL PROTECTED]:

On 3 Nov., 14:40, "David Stutzman"<[EMAIL PROTECTED]>  wrote:

I think we covered this before and he misses the fact that there are free
alternatives out there like StartSSL that I use (Thanks Eddy!).


This would only be true if the StartCom root would be included in
Firefox 2, Windows, MacOS and Opera. At least in Windows its not
included; StartCom is apparently not part of Microsofts root
certificate program: http://support.microsoft.com/kb/931125

Or am I missing something, Eddy?



As of now this is correct. The StartCom root is shipped and included 
with Firefox (since some version of 1.5 upwards and not as you indicated 
below) and with Apple OS X (since 10.4 (Tiger)).



Concerning Microsoft all I can say at this point is, that we are working 
on it. I really except, that once this happens, it will make self-signed 
certificate completly obsolete, except for a few cases like routers.




Sorry, but its a little bit unfair to point people to StartSSL when
they experience the Firefox SSL UI blues. They will get complaints
from all those other browser users after they happily installed the
free StartSSL certificate on their server. Its just bad advice, given
with some big Mozilla blinder. Even Firefox 2 users are left out.




First of all I don't know what your problem is with FF2, but feel free 
to contact me and I'll be glad to look into eventual problems. Many 
times incomplete installation at the server are cause for errors.



Secondly, lets get real here! If you are using a self-signed certificate 
you'll get errors and warnings with *ALL* browsers - and so does any 
visitor to such a site. Now, by using a certificate by a third party - 
even if it's one from StartCom - your site is *NOT* using a self-signed 
certificate, not subject to a potential MITM attack and depending on 
your typical user base and product they are using, your site will *NOT* 
issue any errors. For European countries like Germany, the Scandinavians 
but also others, this is more than 50% (if you combine Apple Safari and 
Firefox market share).



It certainly makes a lot of sense for Firefox, since this is the product 
Mozilla cares about. But I'm sure you followed better advice and you use 
certificates from a CA with better coverage...


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Blog:   https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto






















					Reply via email to