problem string: "The root certificate this one claims to be issued by is unknown."

Kevin Stange kstange at pidgin.im
Tue Sep 22 05:34:53 EDT 2009


William Ehlhardt wrote:
> On Mon, Sep 21, 2009 at 11:56 PM, Richard Laager <rlaager at wiktel.com> wrote:
>> On Tue, 2009-09-08 at 20:29 +0200, Yngve Spjeld Landro wrote:
>>> Yet :-O another string I am having trouble with: "The root certificate
>>> this one claims to be issued by is unknown." What/who is "this one"?
>> This message sounds awkward to me, a native English speaker.
>>
>> How about something like this:
>> "The certificate is issued by an unknown root."
>>
>> Or better, this message from Firefox:
>> "The certificate is not trusted because the issuer certificate is
>> unknown."
>>
>> Unless someone objects, I'm going to commit the latter.
> 
> As the original author of that clunker, I'll chime in. The message
> means to say that the certificate chain submitted by the remote host
> has been validated all the way back to its root, but the root itself
> is not in Pidgin's root certs list. Thus, strictly speaking (due to
> the possibility of multilevel chains), neither of these seems to be
> correct in all cases (nor is the original message, for that matter).
> 
> Pedantry aside, I think Richard's solution is fine, even though it is
> not literally correct.

I think that the either message can be read as literally accurate, for
the context of "unknown."  We're not saying we don't know what the root
certificate is, we're saying we don't know the root certificate.  Either
meaning could be interpreted.

It could perhaps be phrased this way:

"The certificate is not trusted because no certificate that can verify
it is currently trusted."

This wording includes the possibility we could actually add an
intermediate certificate, rather than a real root.  I'm not sure if
"verify" is a good word, but I'm a little sleepy.  I'm looking for a
synonym for "vouch for" that sounds more professional.

Kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20090922/49fe09a1/attachment.sig>


More information about the Devel mailing list