[R-SIG-Mac] Bioconductor Security Certificate

Prof Brian Ripley ripley at stats.ox.ac.uk
Tue Dec 4 12:26:38 CET 2007 

On Tue, 4 Dec 2007, Michele Marcionelli wrote:

> The official URL for the Seminar for Statistics (at the ETH Zurich) is
>
> 	http://stat.ethz.ch
>
> and not http://www.stat.math.ethz.ch, wich is just an alias; so the SSL 
> Certificate belongs to the main address "stat.ethz.ch".
>
> I just checked on http://www.bioconductor.org/docs/mailList.html an saw that 
> the link points to https://stat.ethz.ch/... which is correct. Did someone 
> already update it?

Yes, I arranged for it to be updated by their webmaster.   Thank you for 
looking into it.

>
> Kind regards,
> Michele Marcionelli
> (webmaster at math.ethz.ch)
>
>
> --
> ETH Zürich
> Michele Marcionelli
> IT Support Gruppe D-MATH
> HG G 18
> Rämistrasse 101
> CH?8092 Zürich
>
> michele.marcionelli at math.ethz.ch
> http://www.math.ethz.ch/~michele
>
> +41 44 632 6193 Telefon
> +41 44 632 1404 Fax
>
>
> On 28.11.2007, at 20:09, Loren Engrav wrote:
>
>> It is true as James MacDonald indicated that a spoof of Bio is unlikely so 
>> I
>> have been just ignoring the warning
>> 
>> And there are other work arounds, like telling computer to "always trust" 
>> or
>> grabbing the offered certificate and installing it in the keychain
>> 
>> On the other hand, ignoring security warnings is generally not a good idea
>> and if the fix is easy, why not fix it and avoid the work arounds
>> 
>> And then a security certificate that everyone ignores is not "security"
>> 
>> The certificate indicates email address is webmaster at math.ethz.ch so I
>> included same in thread
>> 
>> Thank you
>> 
>> Loren Engrav
>> Univ Washington
>> Seattle, WA USA
>> 
>>> From: Prof Brian Ripley <ripley at stats.ox.ac.uk>
>>> Date: Wed, 28 Nov 2007 14:06:52 +0000 (GMT)
>>> To: <elw at stderr.org>
>>> Cc: Loren Engrav <engrav at u.washington.edu>, RMacHelp
>>> <r-sig-mac at stat.math.ethz.ch>
>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>> 
>>> It would be better for the base URLs to match.  The R-help address is 
>>> e.g..
>>> 
>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>> 
>>> If BioC linked to https://stat.ethz.ch/mailman/listinfo/bioconductor
>>> (which works) this particular warning would not appear.  (If I could find
>>> a webmaster address for BioC I would report it.)
>>> 
>>> (The certificate is not on Bioconductor nor on R's computers, but an 
>>> ETHZ..
>>> There have been suggestions to buy a commercial certificate for use on the
>>> R project's mailing list and svn servers hosted by ETHZ, but AFAIK they
>>> have all fizzled out.)
>>> 
>>> On Wed, 28 Nov 2007, elw at stderr.org wrote:
>>> 
>>>> the ssl certificate on the archives at stat.math.ethz.ch is a
>>>> privately-generated certificate.  that doesn't mean that there's anything
>>>> wrong with it, just that it isn't something that is "trusted" by the
>>>> keychains that come preloaded with your browser.
>>>> 
>>>> --elijah
>>>> 
>>>> On Tue, 27 Nov 2007, Loren Engrav wrote:
>>>> 
>>>>> Date: Tue, 27 Nov 2007 21:00:10 -0800
>>>>> From: Loren Engrav <engrav at u.washington.edu>
>>>>> To: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>>> 
>>>>> Strange
>>>>> 
>>>>> Same thing happens on my kids Windows computer
>>>>> 
>>>>> I guess I do not understand as I do several secure websites per day and 
>>>>> do
>>>>> not see this message
>>>>> 
>>>>> I thought a certificate on my computer checks the certificate on the
>>>>> sending
>>>>> computer, if they match, page passes, if they do not match, message 
>>>>> comes
>>>>> up
>>>>> indicating potential trouble, so to go to a secure page I must install 
>>>>> the
>>>>> proper certificate, but I have no certificate for Bio nor can I find one
>>>>> 
>>>>> So I asked <bioconductor-owner at stat.math.ethz.ch> what to do...
>>>>> 
>>>>> Thank you
>>>>> 
>>>>> Loren Engrav
>>>>> Univ Wash
>>>>> Seattle
>>>>> 
>>>>>> From: Sean Davis <sdavis2 at mail.nih.gov>
>>>>>> Date: Tue, 27 Nov 2007 19:21:52 -0500
>>>>>> To: Loren Engrav <engrav at u.washington.edu>
>>>>>> Cc: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>>>> 
>>>>>> On Nov 27, 2007 6:04 PM, Loren Engrav <engrav at u.washington.edu> wrote:
>>>>>> Am
>>>>>> using MacOS 10.4.11 and Safari 3.0.4
>>>>>> but same happens with Firefox
>>>>>> 2.0.0.9
>>>>>> 
>>>>>> When I go to
>>>>>> 
>>>>>> <http://www.bioconductor.org/docs/mailList.html>
>>>>>> 
>>>>>> And click on ©øweb
>>>>>> interface©÷ at the line "Subscribe to or browse this list
>>>>>> through the web
>>>>>> interface."
>>>>>> 
>>>>>> I get the message
>>>>>> 
>>>>>> You have attempted to establish a
>>>>>> connection with "'www.stat.math.ethz.ch".
>>>>>> However, the security
>>>>>> 
>>>>>> certificate presented belongs to "stat.ethz.ch". It is possible, though
>>>>>> 
>>>>>> unlikely, that someone may be trying to intercept your communication 
>>>>>> with>
>>>>>> this web site.
>>>>>> 
>>>>>> If you suspect the certificate shown does not belong to
>>>>>> 
>>>>>> "www.stat.math.ethz.ch" please cancel the connection and notify the 
>>>>>> site
>>>>>> 
>>>>>> administrator.
>>>>>> 
>>>>>> How do I fix this?
>>>>> 
>>>>> This is normal with a connection to a
>>>>> secure website.  Bioconductor
>>>>> does not maintain the website at
>>>>> stat.ethz.ch.
>>>>> 
>>>>>> Thank you
>>>>>> 
>>>>>> I tried to find a Bioconductor web
>>>>>> administrator and failed
>>>>> 
>>>>> This is not a problem and is not a bioconductor
>>>>> problem.  All web
>>>>> browsers on all systems should behave something like
>>>>> this.
>>>>> 
>>>>> Sean
>>>>> _______________________________________________
>>>>> R-SIG-Mac mailing list
>>>>> R-SIG-Mac at stat.math.ethz.ch
>>>>> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
>>> 
>>> -- 
>>> Brian D. Ripley,                  ripley at stats.ox.ac.uk
>>> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
>>> University of Oxford,             Tel:  +44 1865 272861 (self)
>>> 1 South Parks Road,                     +44 1865 272866 (PA)
>>> Oxford OX1 3TG, UK                Fax:  +44 1865 272595
>

-- 
Brian D. Ripley,                  ripley at stats.ox.ac.uk
Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
University of Oxford,             Tel:  +44 1865 272861 (self)
1 South Parks Road,                     +44 1865 272866 (PA)
Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-SIG-Mac mailing list