[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Should we include nss-certs out of the box?
|
From: |
Clément Lassieur |
|
Subject: |
Re: Should we include nss-certs out of the box? |
|
Date: |
Fri, 26 Apr 2024 00:42:38 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Hello!
On Thu, Apr 25 2024, Maxim Cournoyer wrote:
> Clément Lassieur <clement@lassieur.org> writes:
>
>> On Wed, Apr 03 2024, Maxim Cournoyer wrote:
>>
>>> It's been Guix policy to let people choose whether to install or not TLS
>>> root certificates and which one to their machine. While I applaud the
>>> idea to have the users make a conscious decision about it, in practice I
>>> suppose very few of us choose to *not* install any as that basically
>>> breaks using web browsers, especially ones like IceCat which (by
>>> default) ensures HTTPS is used on every page.
>>
>> I'd be surprised Icecat breaks from this as it uses its own cert
>> database and allows HTTP when HTTPS doesn't work.
>
> I didn't know Icecat had its own cert database.
>
> About allowing HTTP, it can access pages using it, but not without going
> through a "Continue despite security risks" dialog, and perhaps turning
> off the HTTPS everywhere add-on for the page, which is installed by
> default.
Indeed! (Well it's not an add-on anymore, but a Firefox native mode
called HTTPS-only.)
https://support.mozilla.org/en-US/kb/https-only-prefs
Cheers,
Clément
- Should we include nss-certs out of the box?, Maxim Cournoyer, 2024/04/03
- Re: Should we include nss-certs out of the box?, Ryan Prior, 2024/04/03
- Re: Should we include nss-certs out of the box?, Felix Lechner, 2024/04/03
- Re: Should we include nss-certs out of the box?, Jan Wielkiewicz, 2024/04/05
- Re: Should we include nss-certs out of the box?, Richard Sent, 2024/04/08
- Re: Should we include nss-certs out of the box?, Ludovic Courtès, 2024/04/10
- Re: Should we include nss-certs out of the box?, Clément Lassieur, 2024/04/23