[R-SIG-Mac] Bioconductor Security Certificate

Loren Engrav engrav at u.washington.edu
Thu Nov 29 00:45:11 CET 2007 

So I heard the following from webmaster at math.ethz.ch, maybe can be solved on
12/3, or not
======================

Thank you for your message. I will read it when I return on 12/3

For support problems, please contact the IT Support Group D-MATH:
    email: isg at math.ethz.ch
    phone: +41 44 632 2230

Please note: This standard reply will only be sent once per
week, even if you send me more messages in the meantime.

Thank you for your patience and best regards,
Michele Marcionelli





> 
> 
> It is true as James MacDonald indicated that a spoof of Bio is unlikely so I
> have been just ignoring the warning
> 
> And there are other work arounds, like telling computer to "always trust" or
> grabbing the offered certificate and installing it in the keychain
> 
> On the other hand, ignoring security warnings is generally not a good idea and
> if the fix is easy, why not fix it and avoid the work arounds
> 
> And then a security certificate that everyone ignores is not "security"
> 
> The certificate indicates email address is webmaster at math.ethz.ch so I
> included same in thread
> 
> Thank you
> 
> Loren Engrav
> Univ Washington
> Seattle, WA USA
> 
> 
> 
> 
>> From: Prof Brian Ripley <ripley at stats.ox.ac.uk>
>> Date: Wed, 28 Nov 2007 14:06:52 +0000 (GMT)
>> To: <elw at stderr.org>
>> Cc: Loren Engrav <engrav at u.washington.edu>, RMacHelp
>> <r-sig-mac at stat.math.ethz.ch>
>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>> 
>> It would be better for the base URLs to match.  The R-help address is e.g.
>> 
>> https://stat.ethz.ch/mailman/listinfo/r-help
>> 
>> If BioC linked to https://stat.ethz.ch/mailman/listinfo/bioconductor
>> (which works) this particular warning would not appear.  (If I could find
>> a webmaster address for BioC I would report it.)
>> 
>> (The certificate is not on Bioconductor nor on R's computers, but an ETHZ.
>> There have been suggestions to buy a commercial certificate for use on the
>> R project's mailing list and svn servers hosted by ETHZ, but AFAIK they
>> have all fizzled out.)
>> 
>> 
>> On Wed, 28 Nov 2007, elw at stderr.org wrote:
>> 
>>> the ssl certificate on the archives at stat.math.ethz.ch is a
>>> privately-generated certificate.  that doesn't mean that there's anything
>>> wrong with it, just that it isn't something that is "trusted" by the
>>> keychains that come preloaded with your browser.
>>> 
>>> --elijah
>>> 
>>> 
>>> On Tue, 27 Nov 2007, Loren Engrav wrote:
>>> 
>>>> Date: Tue, 27 Nov 2007 21:00:10 -0800
>>>> From: Loren Engrav <engrav at u.washington.edu>
>>>> To: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>> 
>>>> Strange
>>>> 
>>>> Same thing happens on my kids Windows computer
>>>> 
>>>> I guess I do not understand as I do several secure websites per day and do
>>>> not see this message
>>>> 
>>>> I thought a certificate on my computer checks the certificate on the
>>>> sending
>>>> computer, if they match, page passes, if they do not match, message comes
>>>> up
>>>> indicating potential trouble, so to go to a secure page I must install the
>>>> proper certificate, but I have no certificate for Bio nor can I find one
>>>> 
>>>> So I asked <bioconductor-owner at stat.math.ethz.ch> what to do...
>>>> 
>>>> Thank you
>>>> 
>>>> Loren Engrav
>>>> Univ Wash
>>>> Seattle
>>>> 
>>>> 
>>>> 
>>>>> From: Sean Davis <sdavis2 at mail.nih.gov>
>>>>> Date: Tue, 27 Nov 2007 19:21:52 -0500
>>>>> To: Loren Engrav <engrav at u.washington.edu>
>>>>> Cc: RMacHelp <r-sig-mac at stat.math.ethz.ch>
>>>>> Subject: Re: [R-SIG-Mac] Bioconductor Security Certificate
>>>>> 
>>>>> On Nov 27, 2007 6:04 PM, Loren Engrav <engrav at u.washington.edu> wrote:
>>>>> Am
>>>>> using MacOS 10.4.11 and Safari 3.0.4
>>>>> but same happens with Firefox
>>>>> 2.0.0.9
>>>>> 
>>>>> When I go to
>>>>> 
>>>>> <http://www.bioconductor.org/docs/mailList.html>
>>>>> 
>>>>> And click on ©øweb
>>>>> interface©÷ at the line "Subscribe to or browse this list
>>>>> through the web
>>>>> interface."
>>>>> 
>>>>> I get the message
>>>>> 
>>>>> You have attempted to establish a
>>>>> connection with "'www.stat.math.ethz.ch".
>>>>> However, the security
>>>>> 
>>>>> certificate presented belongs to "stat.ethz.ch". It is possible, though
>>>>> 
>>>>> unlikely, that someone may be trying to intercept your communication with>
>>>>> this web site.
>>>>> 
>>>>> If you suspect the certificate shown does not belong to
>>>>> 
>>>>> "www.stat.math.ethz.ch" please cancel the connection and notify the site
>>>>> 
>>>>> administrator.
>>>>> 
>>>>> How do I fix this?
>>>> 
>>>> This is normal with a connection to a
>>>> secure website.  Bioconductor
>>>> does not maintain the website at
>>>> stat.ethz.ch.
>>>> 
>>>>> Thank you
>>>>> 
>>>>> I tried to find a Bioconductor web
>>>>> administrator and failed
>>>> 
>>>> This is not a problem and is not a bioconductor
>>>> problem.  All web
>>>> browsers on all systems should behave something like
>>>> this.
>>>> 
>>>> Sean
>>>> 
>>>> _______________________________________________
>>>> R-SIG-Mac mailing list
>>>> R-SIG-Mac at stat.math.ethz.ch
>>>> https://stat.ethz.ch/mailman/listinfo/r-sig-mac
>>> 
>> 
>> -- 
>> Brian D. Ripley,                  ripley at stats.ox.ac.uk
>> Professor of Applied Statistics,  http://www.stats.ox.ac.uk/~ripley/
>> University of Oxford,             Tel:  +44 1865 272861 (self)
>> 1 South Parks Road,                     +44 1865 272866 (PA)
>> Oxford OX1 3TG, UK                Fax:  +44 1865 272595

More information about the R-SIG-Mac mailing list