[Systems] certificates / SNI, SSO / passwords

Sascha Silbe sascha-ml-reply-to-2010-2 at silbe.org
Mon Aug 30 04:39:37 EDT 2010


Excerpts from Luke Faraone's message of Mon Aug 30 05:21:38 +0200 2010:

> They allow it, but the resulting cert will list "Sugar Labs" as the
> Organization. See attached email for details.
Nice! Thanks for getting this cleared up. I don't think having Sugar Labs
as the organisation matters. Those people we need to use the StartSSL
certificate for don't even know how to look up that field and are even
less inclined to actually do so.

Seems like a StartSSL wildcard certificate as fallback for the no-SNI
case would be a viable solution, at a cost of $50 per year + some paper
work each time. Still way too much for my taste (the only thing that
matters for users is that the domain name matches, and that's tested
by sending an automated, easily misroutable email probe), but if there's
a good reason we want to support non-SNI browsers on our https sites, we
could do it.

Sascha

--
http://sascha.silbe.org/
http://www.infra-silbe.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
Url : http://lists.sugarlabs.org/private/systems/attachments/20100830/38029d82/attachment.pgp 


More information about the Systems mailing list