Re: I noticed that the BBC are using Client Side Certs recently

Ah, right ? that?ll be because ssl.live.bbc.co.uk isn?t strictly a public-facing domain; https-everywhere is using it because technically it works, but it does have some unintended consequences (as you?ve seen).

M.

On  2014-May-07, at 10:18, Mischa Tuffield <mischa@mmt.me.uk> wrote:

> Hi Mo, 
> 
> I use Firefox, an https-everywhere (how did you guess!). 
> 
> I get it on pretty much every bbc.co.uk URL I access, for example : 
> 
> http://www.bbc.co.uk/sport/0/football/
> 
> I think the domain requesting the cert is ssl.live.bbc.co.uk.
> 
> Cheers! 
> 
> M
> 
> <Screen Shot 2014-05-07 at 10.16.32.png>
> On 7 May 2014, at 09:33, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
> 
>> Oh, are you using https-everywhere or similar?
>> 
>> M.
>> 
>> On  2014-May-07, at 09:29, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
>> 
>>> We?re not meant to be, not publicly at least?
>>> 
>>> There was a period where parts of the stack were ?optionally? requesting a client cert (we use X.509 client certificates extensively within the BBC for staff and contractors to access systems), and some browsers would always show a request dialog if so ? but I thought that had been switched off
>>> 
>>> Can you let me know which browser (I?m guessing Firefox) & URL you were accessing, and I?ll pass it onto the ops team?
>>> 
>>> M.
>>> 
>>> On  2014-May-06, at 00:49, Mischa Tuffield <mischa@mmt.me.uk> wrote:
>>> 
>>>> Hello All,
>>>> 
>>>> Apologies if this is old news, but over the last week or so I have noticed that the BBC are requesting a client side cert from me every time I visit their site, I wonder what they are doing, perhaps it is worth finding out somehow.
>>>> 
>>>> <Screen Shot 2014-05-06 at 00.46.31.png>
>>>> 
>>>> All the best and keep up the good work folk!
>>>> 
>>>> M
>>>> 
>>>> _______________________________
>>>> Mischa Tuffield PhD
>>>> http://mmt.me.uk/
>>>> @mischat
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> --
>>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
>>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>>> 
>>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> --
>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>> 
>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----------------------------
>> http://www.bbc.co.uk
>> This e-mail (and any attachments) is confidential and
>> may contain personal views which are not the views of the BBC unless specifically stated.
>> If you have received it in
>> error, please delete it from your system.
>> Do not use, copy or disclose the
>> information in any way nor act in reliance on it and notify the sender
>> immediately.
>> Please note that the BBC monitors e-mails
>> sent or received.
>> Further communication will signify your consent to
>> this.
>> -----------------------------
> 
> _______________________________
> Mischa Tuffield PhD
> http://mmt.me.uk/
> @mischat
> 
> 
> 
> 
> 


-- 
Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.

Inside the BBC? My movements this week: http://neva.li/where-is-mo








-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and 
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in 
error, please delete it from your system.
Do not use, copy or disclose the 
information in any way nor act in reliance on it and notify the sender 
immediately.
Please note that the BBC monitors e-mails 
sent or received.
Further communication will signify your consent to 
this.
-----------------------------

Forwarded message 1

  • From: Mo McRoberts <Mo.McRoberts@bbc.co.uk>
  • Date: Sun, 11 May 2014 10:40:34 +0000
  • Subject: Re: I noticed that the BBC are using Client Side Certs recently
  • To: Mischa Tuffield <mischa@mmt.me.uk>
  • CC: public-webid <public-webid@w3.org>
  • Message-ID: <FF802DC9-D728-42F1-BEE3-CEE492755FA1@bbc.co.uk>
Ah, right — that’ll be because ssl.live.bbc.co.uk isn’t strictly a public-facing domain; https-everywhere is using it because technically it works, but it does have some unintended consequences (as you’ve seen).

M.

On  2014-May-07, at 10:18, Mischa Tuffield <mischa@mmt.me.uk> wrote:

> Hi Mo, 
> 
> I use Firefox, an https-everywhere (how did you guess!). 
> 
> I get it on pretty much every bbc.co.uk URL I access, for example : 
> 
> http://www.bbc.co.uk/sport/0/football/
> 
> I think the domain requesting the cert is ssl.live.bbc.co.uk.
> 
> Cheers! 
> 
> M
> 
> <Screen Shot 2014-05-07 at 10.16.32.png>
> On 7 May 2014, at 09:33, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
> 
>> Oh, are you using https-everywhere or similar?
>> 
>> M.
>> 
>> On  2014-May-07, at 09:29, Mo McRoberts <Mo.McRoberts@bbc.co.uk> wrote:
>> 
>>> We’re not meant to be, not publicly at least…
>>> 
>>> There was a period where parts of the stack were ‘optionally’ requesting a client cert (we use X.509 client certificates extensively within the BBC for staff and contractors to access systems), and some browsers would always show a request dialog if so — but I thought that had been switched off
>>> 
>>> Can you let me know which browser (I’m guessing Firefox) & URL you were accessing, and I’ll pass it onto the ops team?
>>> 
>>> M.
>>> 
>>> On  2014-May-06, at 00:49, Mischa Tuffield <mischa@mmt.me.uk> wrote:
>>> 
>>>> Hello All,
>>>> 
>>>> Apologies if this is old news, but over the last week or so I have noticed that the BBC are requesting a client side cert from me every time I visit their site, I wonder what they are doing, perhaps it is worth finding out somehow.
>>>> 
>>>> <Screen Shot 2014-05-06 at 00.46.31.png>
>>>> 
>>>> All the best and keep up the good work folk!
>>>> 
>>>> M
>>>> 
>>>> _______________________________
>>>> Mischa Tuffield PhD
>>>> http://mmt.me.uk/
>>>> @mischat
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> --
>>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
>>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>>> 
>>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> --
>> Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
>> Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.
>> 
>> Inside the BBC? My movements this week: http://neva.li/where-is-mo
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -----------------------------
>> http://www.bbc.co.uk
>> This e-mail (and any attachments) is confidential and
>> may contain personal views which are not the views of the BBC unless specifically stated.
>> If you have received it in
>> error, please delete it from your system.
>> Do not use, copy or disclose the
>> information in any way nor act in reliance on it and notify the sender
>> immediately.
>> Please note that the BBC monitors e-mails
>> sent or received.
>> Further communication will signify your consent to
>> this.
>> -----------------------------
> 
> _______________________________
> Mischa Tuffield PhD
> http://mmt.me.uk/
> @mischat
> 
> 
> 
> 
> 


-- 
Mo McRoberts - Chief Technical Architect - Archives & Digital Public Space,
Zone 2.12, BBC Scotland, 40 Pacific Quay, Glasgow G51 1DA.

Inside the BBC? My movements this week: http://neva.li/where-is-mo

Received on Sunday, 11 May 2014 10:41:06 UTC