LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

February 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS February 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: SSL Shared Secret broken?
From:	"Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To:	Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date:	Thu, 2 Feb 2006 11:24:27 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (71 lines)

Mike,

We will look into including the IPS CA root certs in our next
maintenance release.

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of King, Michael
Sent: Thursday, February 02, 2006 9:25 AM
To: [log in to unmask]
Subject: Re: SSL Shared Secret broken?

We have a few IPS CA certs.  It's hard to argue with free for
College/Universities

One is on our main webmail site. (Outlook Web Access)

The only problem we've had reported is some Smartphones did not have the
trusted root certificate, and the owner did not know how to add
certificates.

We also have them on our VPN site, and have had no issues reported.

When we add the 3 new servers we're bringing online next month, they'll
be getting IPS CA certs. 

> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List 
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Thursday, February 02, 2006 10:16 AM
> To: [log in to unmask]
> Subject: Re: SSL Shared Secret broken?
> 
> Too soon for me to tell -- these are the first IPS CA certs on our 
> campus. My limited testing hasn't shown any troubles yet. Since we 
> were using self-signed certs previously, our students were used to the

> cert warning. The problem came with moving from subnet to subnet; the 
> box would change, but the cert didn't, and the error sometimes 
> prevented the student from authenticating. I seem to recall IE was 
> more forgiving / sloppier than Firefox.
> 
> As we are implementing CCA on campus, the roaming population is about 
> to explode, so I wanted to update the certs before the semester begins

> next week.
> 
> More information as I get it; we'll be watching carefully.
> 
> --Cal Frye, Network Administrator, Oberlin College
>    www.calfrye.com, www.pitalabs.com, www.ouuf.org
> 
>   "If you can cause enough doubt on evolution, liberalism will die." 
> -- Rev.Terry Fox, Southern Baptist.
> 
> 
> Ryan Dorman wrote:
> > Cal et al.
> > 
> >     I also have IPS CA certs on my CCA boxen.  Have you found that 
> > sometimes for no good reasons IE just doesn't' seem to
> trust the root
> > authority.  It seems that on 90% of computers, it works just fine.  
> > Then here and there it will give untrusted publisher
> warnings and the
> > like.  Same up to date versions of IE.  Haven't seen the
> issue with Firefox yet. Any clues?
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU