Comment 14 for bug 1620755
Revision history for this message
| Scott Reynolds (scottreynolds) wrote | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
"Don't try to man-in-the-middle snapd" oversimplifies the nature of the problem. This also affects user-facing applications such as Chromium, which is now only distributed as a snap.
To recap, ignoring the system-provided trusted CA certificate store causes certificate validation failures in at least these scenarios:
- For user-facing applications, access to enterprise CA-signed resources
- For all applications, access to resources through a transparent proxy using
enterprise CA certificates
I'm sure everyone understands the importance of maintaining the integrity of the system. However, we also need to accept that increasing numbers of government and enterprise organizations must maintain controls, such as those related to data loss prevention, that require the use of additional trusted CA certificates.