Re: Gna security issue -- November 29, 2010 - 17:17

Hi,

Thank you Edward for the link to the tutorial.

Of course, it would be better if the problem was fixed, since this, as 
you said, may scare people off Gna! website...

Cheers,


Séb  :)


On 10-11-29 10:48 AM, Edward d'Auvergne wrote:
> Hi,
>
> I've had a look at this and it seems to be an easily solvable issue.
> It has been reported to Gna! at:
>
> https://gna.org/support/?1997
>
> The problem is that the CAcert.org root certificate is not included
> with the browser, or it's probably out of date and needs updating.
> There are instructions at:
>
> http://gna.org/tls/tutorial/
>
> The simplest solution though is to accept the site as being secure.
> This is only for encrypted transfer of webpages and files from Gna!,
> so assuming the site is not secure, then it would be the same security
> as unencrypted webpages.  It's not really an issue, but it does scare
> people off :S
>
> Cheers,
>
> Edward
>
>
>
> On 24 November 2010 16:01, Sébastien Morin<sebastien.morin@xxxxxxxxx>  wrote:
> > Hi,
> >
> > Thanks to Fred Damberger, I just recalled observing a security-related issue
> > with the Gna website.
> >
> > Here is the message Firefox gives when trying to login on Gna:
> >
> > ========
> > This Connection is Untrusted
> >
> > You have asked Firefox to connect
> > securely to gna.org, but we can't confirm that your connection is secure.
> >
> > Normally, when you try to connect securely,
> > sites will present trusted identification to prove that you are
> > going to the right place. However, this site's identity can't be verified.
> >
> > What Should I Do?
> >
> > If you usually connect to
> > this site without problems, this error could mean that someone is
> > trying to impersonate the site, and you shouldn't continue.
> >
> > Technical Details
> >
> > gna.org uses an invalid security certificate.
> >
> > The certificate is not trusted because the issuer certificate is unknown.
> >
> > (Error code: sec_error_unknown_issuer)
> >
> > I Understand the Risks
> >
> > If you understand what's going on, you
> > can tell Firefox to start trusting this site's identification.
> > Even if you trust the site, this error could mean that someone is
> > tampering with your connection.
> >
> > Don't add an exception unless
> > you know there's a good reason why this site doesn't use trusted
> > identification.
> > ========
> >
> > Is this important ?
> > Should this be fixed by the Gna people ?
> >
> > Cheers,
> >
> >
> > Séb  :)
> >
> > --
> > Sébastien Morin, Ph.D.
> > Postdoctoral fellow
> > S. Grzesiek NMR Laboratory
> > Biozentrum, Universität Basel
> > Basel, Switzerland
> >
> >
> > _______________________________________________
> > relax (http://nmr-relax.com)
> >
> > This is the relax-users mailing list
> > relax-users@xxxxxxx
> >
> > To unsubscribe from this list, get a password
> > reminder, or change your subscription options,
> > visit the list information page at
> > https://mail.gna.org/listinfo/relax-users

--
Sébastien Morin, Ph.D.
Postdoctoral fellow
S. Grzesiek NMR Laboratory
Biozentrum, Universität Basel
Basel, Switzerland