httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: Please help with this Snake Oil problem
Date Wed, 28 Nov 2001 03:24:36 GMT
Apache doesn't currently distribute any SSL certificates whatsoever.
And the only issue with your 'snake oil' certificates is that they are
effectively invalid, only demonstrating that the communications are 
encrypted, but there is no trust provider.

The "Someone in control" would be the administrators of the specific
websites you are visiting.  Suing Microsoft because users don't replace
the IIS default page is as absurd as your suggestion in re. this cert.
Just like spam, badly administered web sites are something you simply
have to cope with.  The serenity prayer might come in handy here.

I am forwarding this to the httpd list, just to point out to the httpd
authors that, in spite of your silly and overly dramatic message, that 
this is a perception problem for end users [much like the "It Worked!
Apache is successfully installed." message] that should be avoided when
Apache 2.0's final SSL components are put in place.


----- Original Message ----- 
From: "V. Wolfe" <>
To: <>
Sent: Tuesday, November 27, 2001 8:20 PM
Subject: Please help with this Snake Oil problem

> Hello!
> I am really getting tired of the Snake Oil certificate
> coming
> up when I try to visit new sites, or even sites I design.
> It's beyond frustrating. I've wasted tons of time trying
> to track down contact people - find them - they don't
> reply. I am about to set out a lawsuit.
> Someone at Apache or the Snakey Oil people need
> to reply to me by December first with a solution.
> The certificate presents in a ridiculously sneaky mode,
> with no options to get beyond it.......
> Please relay this to someone in control of this
> situation.
> Thanks.
> V. Wolfe
> Seattle

View raw message