Ubuntu
firefox-3.0 package

content at webfiles.uci.edu and webfiles.nacs.uci.ed should both be considered valid and secure

Bug #325114 reported by dlebauer
4
Affects Status Importance Assigned to Milestone
firefox-3.0 (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: firefox-3.0

university of california sites should be considered secure, no?

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 8.10
NonfreeKernelModules: wl
Package: firefox-3.0 3.0.5+nobinonly-0ubuntu0.8.10.1
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: firefox-3.0
Uname: Linux 2.6.27-9-generic i686

Tags: apport-bug
Revision history for this message
dlebauer (dlebauer) wrote :
Revision history for this message
Andreas Olsson (andol) wrote :

If the website webfiles.nacs.uci.edu presents itself using a certificate named (CN) webfiles.uci.edu, how is that a bug in Firefox? What behavior do you expect from Firefox when the websites presents a certificate not matching its own address?

Changed in firefox-3.0:
status: New → Incomplete
Revision history for this message
dlebauer (dlebauer) wrote : Re: [Bug 325114] Re: content at webfiles.uci.edu and webfiles.nacs.uci.ed should both be considered valid and secure

i don't know. i thought someone could change the rules. i am just an end
user trying to help; if it's not a bug, please disregard

On Tue, Feb 3, 2009 at 5:07 PM, Andreas Olsson <email address hidden> wrote:

> If the website webfiles.nacs.uci.edu presents itself using a certificate
> named (CN) webfiles.uci.edu, how is that a bug in Firefox? What behavior
> do you expect from Firefox when the websites presents a certificate not
> matching its own address?
>
> ** Changed in: firefox-3.0 (Ubuntu)
> Status: New => Incomplete
>
> --
> content at webfiles.uci.edu and webfiles.nacs.uci.ed should both be
> considered valid and secure
> https://bugs.launchpad.net/bugs/325114
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
_______________________
Doctor Dave's Tutoring
949-433-7410
http://sites.google.com/site/doctordavestutoring/

Revision history for this message
Andreas Olsson (andol) wrote :

No, I don't think Ubuntu wants to change the rules of the entire trust model on which https rely.

I'm setting the status of this bug to invalid.

You might want to point out this issue to a suitable system administrator @uci.edu.

Changed in firefox-3.0:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.