Re: I noticed that the BBC are using Client Side Certs recently

Hi Mo, 

I use Firefox, an https-everywhere (how did you guess!). 

I get it on pretty much every bbc.co.uk URL I access, for example : 

http://www.bbc.co.uk/sport/0/football/

I think the domain requesting the cert is ssl.live.bbc.co.uk.

Cheers! 

M


On 7 May 2014, at 09:33, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:

> Oh, are you using https-everywhere or similar?
> 
> M.
> 
> On  2014-May-07, at 09:29, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
> 
>> We’re not meant to be, not publicly at least…
>> 
>> There was a period where parts of the stack were ‘optionally’ requesting a client cert (we use X.509 client certificates extensively within the BBC for staff and contractors to access systems), and some browsers would always show a request dialog if so — but I thought that had been switched off
>> 
>> Can you let me know which browser (I’m guessing Firefox) & URL you were accessing, and I’ll pass it onto the ops team?
>> 
>> M.
>> 
>> On  2014-May-06, at 00:49, Mischa Tuffield <mischa@mmt.me.uk> wrote:
>> 
>>> Hello All,
>>> 
>>> Apologies if this is old news, but over the last week or so I have noticed that the BBC are requesting a client side cert from me every time I visit their site, I wonder what they are doing, perhaps it is worth finding out somehow.
>>> 
>>> <Screen Shot 2014-05-06 at 00.46.31.png>
>>> 
>>> All the best and keep up the good work folk!
>>> 
>>> M
>>> 
>>> _______________________________
>>> Mischa Tuffield PhD
>>> http://mmt.me.uk/
>>> @mischat
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> 
>> --
>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>> 
>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>> 
>> 
>> 
>> 
>> 
>> 
> 
> 
> --
> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
> 
> Inside the BBC? My movements this week: http://neva.li/where-is-mo
> 
> 
> 
> 
> 
> 
> 
> 
> -----------------------------
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and
> may contain personal views which are not the views of the BBC unless specifically stated.
> If you have received it in
> error, please delete it from your system.
> Do not use, copy or disclose the
> information in any way nor act in reliance on it and notify the sender
> immediately.
> Please note that the BBC monitors e-mails
> sent or received.
> Further communication will signify your consent to
> this.
> -----------------------------

_______________________________
Mischa Tuffield PhD
http://mmt.me.uk/
@mischat

Received on Wednesday, 7 May 2014 09:19:21 UTC