On 03/24/2009 02:35 AM, Ian G:
> You can disagree, fine. I even hate it. I despise the notion that
> someone can download and install software, pretend to be an expert,
> and get it going within maybe an hour, with no clue as to how it
> works. That's not how it was in my day!

So we actually have agreement here on the basic level...

> But that is the state of the world, today. Most sysadms work the
> servers to the point where they appear to be working, then move on.
> Their bosses don't let them do anything else. If they want to learn,
> that's on their own time.

Or they hired the wrong people...

> So who's to blame here? The sysadm that doesn't know, the server
> producer that produces an unintelligible configuration mess, or the
> boss that lets such nonsense go on at shareholder's expense?

I'd say #1 because #2 doesn't apply (client auth doesn't exist in the
default configuration on the specific server product we are talking
about) and who can blame #3 because he doesn't know better?

>> LOL...a misconfigured server will ALWAYS cause you problems...any
>> misconfigured software will. This is not a work-around, in your
>> situation it's most likely THE solution.
>
> Well, yes, to the first. No to the second. The more I read about
> this problem, the more I find there are core issues around selecting
> the right cert.

How come? Any certificate the server seems to accept...

> Think about it; the current Firefox config for client certs is
> broken if it cannot accurately guess which cert is required. Oops.

Nonono...it's again at the server side...I know you most likely have a
problem coming into the lion's den, but I nevertheless suggest it to you
highly. It doesn't cost any money...here is my invitation.

> Right, so at least we are agreed that client certs did not take off.

They require a bit more care than user/pass pairs. Beyond that I don't
know...

> Don't get me wrong. I'm interested in OpenID. I'd like to understand
> how it works (which probably means at the protocol level).

OpenID alone isn't the solution, it's the combination of the two which
makes it interesting.

> Do you see client certs as products for big corps and gov.ts, too, only?

No, did I say that? But perhaps those are the ones which have the most
power for the push (speak PayPal, eBay etc).

> Am I alone here in my understanding of "Mozilla of the people, for the
> people, by the people?" Are we only here to serve the sales of product?

No way, I guess you don't know me well enough yet...I'm on the other side...

--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto