John Kelsey <[EMAIL PROTECTED]> writes: >Recently, Earthlink's webmail server certificate started showing up as >expired. (It obviously expired a long time ago; I suspect someone must have >screwed up in changing keys over or something, because the problem wasn't >happening up until recently.)
This is now the third time in the last few months in which invalid/expired SSL server certs have totally failed to have any effect, at least until a security person noticed that there was a problem. Maybe one of the HCI people reading the list could be persuaded to investigate whether SSL server certs have any real security value and/or what changes to the UI need to be made to make them useful. Alternatively, how long can you get away with a $19.95 cert from Honest Joe's Used Cars and Certificates that expired several years ago? Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]