[MPI3 Fortran] Agenda for MPI3 Fortran Working group next week

[N.M. Maclaren]

>The CA for that SSL certificate is here -- it covers all sites run by  
>the Indiana University Computer Science department (e.g., including  
>the Open MPI SSL-enabled web sites):
>
>     http://www.cs.indiana.edu/Facilities/FAQ/Mail/csci.crt

Thanks.  That's not actually the biggest problem.

>Install that CA and you should have no problems getting to the site.   
>Or just install the Firefox exception and you should be fine, too.

Aargh!  NO, you are NOT!  The whole SSL/https design is cretinous, and
that is seriously dangerous if you ever use your browser for anything
important.

The risk is that someone will hack that site, you will not hear about it
(because it isn't an official site), and the bogus key will be used to
get your credit card details.  That is why you should NEVER install an
'unofficial' key (EVEN one that you trust).

Note that "hacking that site" includes just getting hold of the private
key and running a DNS spoofer that catches you, so the site owner changing
key does NOT stop the insecurity - YOU have to cancel the key which, in
turn, means that you have to hear of the compromise.

>Complain if you want to, but IMNSHO, IU has done a damn fine job of  
>hosting both Open MPI and the MPI Forum (and absorbing all the  
>associated costs).  Yes, I feel a little strongly about this issue.  :-)

All credit to them for that, but why https?  There are much simpler and
better mechanisms.

>We're using Trac to keep track of MPI 2.2/3 proposals.  Sometimes it  
>unfortunately exhibits bugs like this -- just reload the page and it  
>should be fine.  I just went to that page right now and it worked for  
>me, FWIW.

Thanks again.


Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England.
Email:  nmm1 at cam.ac.uk
Tel.:  +44 1223 334761    Fax:  +44 1223 334679