[SOLVED] webConfigurator do not answer IPv6 requests
-
Hmmmm. Hopefully we can all go IPV6 soon, dump IPV4 before IPV9 comes out and then maybe Firefox would notice all the broken browsers.
The guys are just "amazing". The bug's been there for ages, just regressing badly recently, making it much worse (previously you'd just get the usual self-signed cert nagscreen, but you could not add an exception for IPv6 literal. Now you get a blank page…) Instead of fixing the darned thing, the guys discuss that they "intend to discourage certificates that include IP addresses." Apparently realizing that the user is not in a position to do anything about whatever certificate that the admin decided to use is way above the guys' heads. Clearly, browsers are not there to browse websites any more, they are there to nag users with stupid warnings (self-signed certs are baaad, mkay... CNNIC one's rock though, that's what Mozilla trusts.) And this idiocy is not limited to Mozilla, e.g. Chrome won't let you browse local XML files, since XSL stylesheets are extremely "dangerous". They are much safer when downloaded from web, mkay, riiight!
-
I doubt its a bug. More likely its something designed to generate revenue by making people run out and grab "Good signed certs" that make pretty green banner colors when you browse to a site. Exploiting stupidity is a time honoured tradition. We all know that certs are so much more trustworthy when they were generated and signed by some yahoo you don't even know.
-
I agree with you both. Here government sites .gov.br are signed by a centralized government entity called "ICP Brasil". This entity is trusted, but browsers refuse to add it to your root cert list by unknown reasons. There are plenty of bug requests asking to add the ICP's root cert, but it seems it will never be done…
-
Well - The Military here and government (Serious sites for serious people, not for public use) don't submit their certs to anybody.
Shows up red just like any self signed cert I'd make unless the people who use them install the certs in their trusted cert store.
Thats also how I handle certs. Handed out by hand for friends I'd trust to certain things.But really - Certs have become a huge racket. I'd say issuing certs is like printing money except paper does cost SOMETHING.
-
But really - Certs have become a huge racket. I'd say issuing certs is like printing money except paper does cost SOMETHING.
You mean - you could operate a company which issues digital certificates from your parent's garage, and become a multi-millionaire? Amazing.
http://en.wikipedia.org/wiki/Mark_Shuttleworth
Of course, this is impossible to repeat nowadays. Shuttlework (Thawte) and Verisign were lucky enough to have their root certificates public key installed in the first Netscape browser. The rest is history.
-
You mean - you could operate a company which issues digital certificates from your parent's garage, and become a multi-millionaire? Amazing.
Been tried and failed… Clearly, these days you need to pay $$$$$$$ to the right browser guys first, like CNNIC. ::)
-
Yep…too bad that Honest Achmed failed...now I have to buy my google.com certificates from TÜRKTRUST....
-
I suppose it would be possible to start a open-authority (call it whatever you like) the same way OpenNIC runs alternate DNS. You would have to set up an entirely new chain of authority, some servers, establish some system of trust and basically give away certs and rely on donations or something to keep things running. Then you would need to get it into a major browser that isn't in CNNIC or whoever's pocket. OR - People could just stop being stupid and ignore the idiot graffiti that pops up when someone uses a self signed cert. Either way would work.
Did I mention the word racket earlier? Yeah… Its a racket.
-
FYI, fixed in FF 24+
https://bugzilla.mozilla.org/show_bug.cgi?id=633001#c96
-
Ahhhh- Good. Getting ready for IPV9 are they?