[R-SIG-Mac] Bioconductor Security Certificate

Loren Engrav engrav at u.washington.edu
Tue Dec 4 16:35:29 CET 2007 

Thank you


> From: Prof Brian Ripley <ripley at stats.ox.ac.uk>
> Date: Tue, 4 Dec 2007 11:26:38 +0000 (GMT)
> To: Michele Marcionelli <michele.marcionelli at math.ethz.ch>
> Cc: Loren Engrav <engrav at u.washington.edu>, RMacHelp
> <r-sig-mac at stat.math.ethz.ch>, <elw at stderr.org>
> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
> 
> On Tue, 4 Dec 2007, Michele Marcionelli wrote:
> 
>> The official URL for the Seminar for Statistics (at the ETH Zurich) is
>> 
>> http://stat.ethz.ch
>> 
>> and not http://www.stat.math.ethz.ch, wich is just an alias; so the SSL
>> Certificate belongs to the main address "stat.ethz.ch".
>> 
>> I just checked on http://www.bioconductor.org/docs/mailList.html an saw that
>> the link points to https://stat.ethz.ch/... which is correct. Did someone
>> already update it?
> 
> Yes, I arranged for it to be updated by their webmaster.   Thank you for
> looking into it.
> 
>> 
>> Kind regards,
>> Michele Marcionelli
>> (webmaster at math.ethz.ch)
>> 
>> 
>> --
>> ETH Zürich
>> Michele Marcionelli
>> IT Support Gruppe D-MATH
>> HG G 18
>> Rämistrasse 101
>> CH?8092 Zürich
>> 
>> michele.marcionelli at math.ethz.ch
>> http://www.math.ethz.ch/~michele
>> 
>> +41 44 632 6193 Telefon
>> +41 44 632 1404 Fax
>> 
>> 
>> On 28.11.2007, at 20:09, Loren Engrav wrote:
>> 
>>> It is true as James MacDonald indicated that a spoof of Bio is unlikely so
>>> I
>>> have been just ignoring the warning
>>> 
>>> And there are other work arounds, like telling computer to "always trust"
>>> or
>>> grabbing the offered certificate and installing it in the keychain
>>> 
>>> On the other hand, ignoring security warnings is generally not a good idea
>>> and if the fix is easy, why not fix it and avoid the work arounds
>>> 
>>> And then a security certificate that everyone ignores is not "security"
>>> 
>>> The certificate indicates email address is webmaster at math.ethz.ch so I
>>> included same in thread
>>> 
>>> Thank you
>>> 
>>> Loren Engrav
>>> Univ Washington
>>> Seattle, WA USA
>>> 
>>>> From: Prof Brian Ripley <ripley at stats.ox.ac.uk>
>>>> Date: Wed, 28 Nov 2007 14:06:52 +0000 (GMT)
>>>> To: <elw at stderr.org>
>>>> Cc: Loren Engrav <engrav at u.washington.edu>, RMacHelp
>>>> <r-sig-mac at stat.math.ethz.ch>
>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>> 
>>>> It would be better for the base URLs to match.  The R-help address is
>>>> e.g..
>>>> 
>>>> https://stat.ethz.ch/mailman/listinfo/r-help
>>>> 
>>>> If BioC linked to https://stat.ethz.ch/mailman/listinfo/bioconductor
>>>> (which works) this particular warning would not appear.  (If I could find
>>>> a webmaster address for BioC I would report it.)
>>>> 
>>>> (The certificate is not on Bioconductor nor on R's computers, but an
>>>> ETHZ..
>>>> There have been suggestions to buy a commercial certificate for use on the
>>>> R project's mailing list and svn servers hosted by ETHZ, but AFAIK they
>>>> have all fizzled out.)
>>>> 
>>>> On Wed, 28 Nov 2007, elw at stderr.org wrote:
>>>> 
>>>>> the ssl certificate on the archives at stat.math.ethz.ch is a
>>>>> privately-generated certificate.  that doesn't mean that there's anything
>>>>> wrong with it, just that it isn't something that is "trusted" by the
>>>>> keychains that come preloaded with your browser.
>>>>> 
>>>>> --elijah
>>>>> 
>>>>> On Tue, 27 Nov 2007, Loren Engrav wrote:
>>>>> 
>>>>>> Date: Tue, 27 Nov 2007 21:00:10 -0800
>>>>>> From: Loren Engrav <engrav at u.washington.edu>
>>>>>> To: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>>>> 
>>>>>> Strange
>>>>>> 
>>>>>> Same thing happens on my kids Windows computer
>>>>>> 
>>>>>> I guess I do not understand as I do several secure websites per day and
>>>>>> do
>>>>>> not see this message
>>>>>> 
>>>>>> I thought a certificate on my computer checks the certificate on the
>>>>>> sending
>>>>>> computer, if they match, page passes, if they do not match, message
>>>>>> comes
>>>>>> up
>>>>>> indicating potential trouble, so to go to a secure page I must install
>>>>>> the
>>>>>> proper certificate, but I have no certificate for Bio nor can I find one
>>>>>> 
>>>>>> So I asked <bioconductor-owner at stat.math.ethz.ch> what to do...
>>>>>> 
>>>>>> Thank you
>>>>>> 
>>>>>> Loren Engrav
>>>>>> Univ Wash
>>>>>> Seattle
>>>>>> 
>>>>>>> From: Sean Davis <sdavis2 at mail.nih.gov>
>>>>>>> Date: Tue, 27 Nov 2007 19:21:52 -0500
>>>>>>> To: Loren Engrav <engrav at u.washington.edu>
>>>>>>> Cc: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>>>>> 
>>>>>>> On Nov 27, 2007 6:04 PM, Loren Engrav <engrav at u.washington.edu> wrote:
>>>>>>> Am
>>>>>>> using MacOS 10.4.11 and Safari 3.0.4
>>>>>>> but same happens with Firefox
>>>>>>> 2.0.0.9
>>>>>>> 
>>>>>>> When I go to
>>>>>>> 
>>>>>>> <http://www.bioconductor.org/docs/mailList.html>
>>>>>>> 
>>>>>>> And click on ©øweb
>>>>>>> interface©÷ at the line "Subscribe to or browse this list
>>>>>>> through the web
>>>>>>> interface."
>>>>>>> 
>>>>>>> I get the message
>>>>>>> 
>>>>>>> You have attempted to establish a
>>>>>>> connection with "'www.stat.math.ethz.ch".
>>>>>>> However, the security
>>>>>>> 
>>>>>>> certificate presented belongs to "stat.ethz.ch". It is possible, though
>>>>>>> 
>>>>>>> unlikely, that someone may be trying to intercept your communication
>>>>>>> with>
>>>>>>> this web site.
>>>>>>> 
>>>>>>> If you suspect the certificate shown does not belong to
>>>>>>> 
>>>>>>> "www.stat.math.ethz.ch" please cancel the connection and notify the
>>>>>>> site
>>>>>>> 
>>>>>>> administrator.
>>>>>>> 
>>>>>>> How do I fix this?
>>>>>> 
>>>>>> This is normal with a connection to a
>>>>>> secure website.  Bioconductor
>>>>>> does not maintain the website at
>>>>>> stat.ethz.ch.
>>>>>> 
>>>>>>> Thank you
>>>>>>> 
>>>>>>> I tried to find a Bioconductor web
>>>>>>> administrator and failed
>>>>>> 
>>>>>> This is not a problem and is not a bioconductor
>>>>>> problem.  All web
>>>>>> browsers on all systems should behave something like
>>>>>> this.
>>>>>> 
>>>>>> Sean
>>>>>> _______________________________________________
>>>>>> R-SIG-Mac mailing list
>>>>>> R-SIG-Mac at stat.math.ethz.ch
>>>>>> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
>>>> 
>>>> -- 
>>>> Brian D. Ripley,                  ripley at stats.ox.ac.uk
>>>> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
>>>> University of Oxford,             Tel:  +44 1865 272861 (self)
>>>> 1 South Parks Road,                     +44 1865 272866 (PA)
>>>> Oxford OX1 3TG, UK                Fax:  +44 1865 272595
>> 
> 
> -- 
> Brian D. Ripley,                  ripley at stats.ox.ac.uk
> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
> University of Oxford,             Tel:  +44 1865 272861 (self)
> 1 South Parks Road,                     +44 1865 272866 (PA)
> Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-SIG-Mac mailing list