[josm-dev] JOSM wants to add a certificate?

[Maarten Deen]

On 2014-07-07 13:36, Dirk Stöcker wrote:
> On Sun, 6 Jul 2014, Maarten Deen wrote:
> 
>> I opened JOSM (webstart) and it came with a question to install a 
>> certification authority for localhost with a sha1 thumbprint
>> I have no knowledge of having generated a sha1 thumbprint on my 
>> windows computer, so I am interested to know how JOSM can ask this.
>> I also don't know why JOSM needs this. Is this something from JOSM or 
>> has some worm crawled in? (yes, this was the first thing that entered 
>> my mind).
> 
> Due to the browser restrictions of today any request to the remote
> control of JOSM needs to be HTTPS as well when used from a HTTPS page.
> For a HTTPS server functionality we need a certificate. The request
> you talk about tries to copy that certificate to the JAVA keystore, so
> it can be used. The browser still should ask you about it (at least
> for first connection), as it is a self-signed cert.

But whose certificate is it? Where can I validate the key? It is not 
localhost, because my computer is localhost and it is not a key I 
generated on my computer. It is JOSM that is trying to install this 
certificate. So the "certification authority caliming to represent 
localhost" is not correct. At least that should be changed to JOSM.

>> Lets make it clear that, not having created this thumbprint myself, I 
>> can not verify this thumbprint and that this seems a very strange way 
>> of operating.
> 
> If you have a better solution, feel free to fix it.

I really dislike such replies. You seem to insinuate that the only ones 
to make comments are the ones that have the knowledge and ability to 
change the source.
I hope my view of your answer is incorrect.
You may not like criticism, but my goal is not to talk the developers of 
JOSM down but to try to give them hints of how things could (IMHO) 
improve.

Regards,
Maarten