Bug 3323

Summary: claws-mail.org and thewildbeast.co.uk have no valid certificate
Product: Website Reporter: Hanno Boeck <hanno>
Component: GeneralAssignee: users
Status: RESOLVED FIXED    
Severity: enhancement CC: bugmenot, removed-gdpr
Priority: P3    
Version: unspecified   
Hardware: PC   
OS: Linux   

Description Hanno Boeck 2014-11-07 11:23:31 UTC 
These days the web is more and more going to https (with google pushing a lot).

The Website of claws-mail and also the bugtracker are only available with a self-signed certificate. I think there should be a way to log into the bug tracker with a valid certificate.

It is possible today to get certificates for free (startssl) that are accepted in all mainstream browsers so I think there's no need to use self-signed certs.
Comment 1 Andrej Kacian 2014-11-07 11:52:57 UTC 
I see you are a fan of illusion of security. That's all you're really getting with "official" certificate authorities.
Comment 2 Hanno Boeck 2014-11-07 11:56:43 UTC 
I'm well aware of the problems of certificate authorities, however it's a reality that they are the only usable system out there. If you're looking for something improved you could consider adding a HTTP Public Key Pinning Header.

However, I would mainly welcome a "valid" cert for convenience.
Comment 3 Paul 2018-05-27 11:53:22 UTC 
*** Bug 3723 has been marked as a duplicate of this bug. ***
Comment 4 Paul 2018-05-27 11:54:00 UTC 
*** Bug 3962 has been marked as a duplicate of this bug. ***