SSL cert for news.launchpad.net

Bug #553495 reported by Guy Taylor
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Launchpad itself | Won't Fix | Undecided | Unassigned |
NSS | Invalid | Undecided | Unassigned |
nss (Ubuntu) | Won't Fix | Undecided | Unassigned |

Bug Description

https://news.launchpad.net/ uses an SSL certificate signed by Canonical.

Currently this is not in the root certs so a warning message appears. Can this be re-signed by a trusted root?

Tags: lp-web
Micah Gersten (micahg) wrote :

We can't add to NSS random CAs, even by Canonical.

Changed in nss:
status: New → Invalid
Micah Gersten (micahg) wrote :

That should be random root certs, but you get the idea. :)

Guy Taylor (thebiggerguy) wrote :

I agree that adding random certs to upstream NSS would be unwise. I do however think that it should be added as a local patch to the Ubuntu release of NSS or news.launchpad.net should be re-signed with a trusted root.

Guy Taylor (thebiggerguy) wrote :

Should Firefox be added or Chrome be removed? Technically it is not a bug with them but it is where the user will see this?

Chris Coulson (chrisccoulson) wrote :

Closing the distro task. We should not be adding our own certificate to the database to work around this. For NSS, there is a well defined policy and vetting process for the inclusion of new certificates ([1] and [2]), which any organisation must follow. Under no circumstances should we start bypassing these processes and adding new certificates on a whim.

[1] - http://www.mozilla.org/projects/security/certs/policy/
[2] - https://wiki.mozilla.org/CA:Schedule

Changed in chromium-browser (Ubuntu):
status: New → Won't Fix
Micah Gersten (micahg)
affects: chromium-browser (Ubuntu) → nss (Ubuntu)
description: updated
Francis J. Lacoste (flacoste) wrote :

How did you end up on https://news.launchpad.net? That link should be changed to use http:// and should point at blog.launchpad.net

Changed in launchpad-web:
status: New → Incomplete
Guy Taylor (thebiggerguy) wrote :

@Francis It was through a link that I went to https, but as it was four months ago I cannot remember where from, sorry.

Why is news.launchpad.net not on the same cert as launchpad.net? Would it not be more sensible to have all *.launchpad.net on the same cert?

Using Google http://www.google.co.uk/#q=link:news.launchpad.net+"https://news" I found https://launchpad.net/rosetta/+announcements?start=10 that links using https so there are links out there....

Robert Collins (lifeless) wrote :

https://launchpad.net/rosetta/+announcements?start=10 links to http://news.launchpad.net - no https. I'm going to 'won't fix this' - our news site is plain http, and the fact it works over https at all is incidental.

We can't use the same cert because it's not a wildcard certificate.

Changed in launchpad:
status: Incomplete → Won't Fix