jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Increase validity duration of JMeter Root CA
Date Thu, 19 Jul 2018 09:31:31 GMT
On 19 July 2018 at 10:28, Philippe Mouawad <philippe.mouawad@gmail.com> wrote:
> Hello sebb,
>
> Yes users can change, but once again, it means adjusting defaults, knowing
> they can be adjusted and which property it is.

That can be documented.

> Why not make defaults better for usability ?

Because it compromises security.

> It looks like 3 months would be good for Bruno, Antonio, me.
> Is it really a blocker for you ? if yes why ?

As above.

> @Others what's your opinion ?
>
> Thanks
>
>
>
> On Thu, Jul 19, 2018 at 10:55 AM, sebb <sebbaz@gmail.com> wrote:
>
>> It's a trade-off between convenience and security.
>>
>> It's risky adding the certificate to the browser.
>>
>> I don't think the default should be changed.
>>
>> Users can always change it themselves if they accept the risks.
>> E.g. if they use a separate browser installation that has certificate,
>> then a longer validity is more sensible.
>> It's too easy to forget that the cert has been added to the browser.
>>
>> S.
>> On 19 July 2018 at 09:35, Antonio Gomes Rodrigues <ra0077@gmail.com>
>> wrote:
>> > +1 for me
>> >
>> > Le jeu. 19 juil. 2018 à 10:27, Philippe Mouawad <
>> > p.mouawad@ubik-ingenierie.com> a écrit :
>> >
>> >> Hello,
>> >> Currently :
>> >>
>> >>    - proxy.cert.validity=7
>> >>
>> >>
>> >> This is annoying for users who must remember to add the ROOT JMeter
>> >> certificate to browser every week .
>> >>
>> >> I would suggest setting it to 1 year or at least 1 month.
>> >>
>> >> Regards
>> >> Philippe
>> >>
>>
>
>
>
> --
> Cordialement.
> Philippe Mouawad.

Mime
View raw message