[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making CA certificate available over http, __default__ rewrites




Am I misunderstanding your suggestion?  Are you wanting to serve the
CA only for your installation of OpenShift or are you suggesting this
become the standard for Origin?

The change that worries me is that some may think that is secure and
clients will be written that first fetch the server certificate from
the server and then use it for a 'trusted' connection.

I want to make the former work, but I'm cautious about the latter.


I would be concerned about that as well. Even though it should be obvious not to trust a CA obtained over http, never assume the obvious with security.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]