Bill Squier
Mon, 17 Mar 2008 10:38:51 -0700
On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote:
| >> So at the company I work for, most of the internal systems have | >> expired SSL certs, or self-signed certs. Obviously this is bad. | > | >You only think this is bad because you believe CAs add some value. || Presumably the value they add is that they keep browsers from popping| up scary warning messages.... Apple's Mail.app checks certs on SSL-based mail server connections. It has the good - but also bad - feature that it *always* asks for user approval if it gets a cert it doesn't like.
Fixed in Leopard. Certificate handling in general appears to be better -- although I can't be sure Tiger didn't let you fiddle with fine-grained entitlements as to when to trust a cert.
-wps --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]