You're right, Dan, encryption still does take place. However, it's hard to understand why renewing a certificate would take so long. It should take no longer than 1/2 hour to receive a renewed SSL cert from a certificate authority in my opinion and maybe a few minutes to push it out depending on the device that is publishing the cert.

You should tell them that your security policy prevents you from making a secure ftp transfer to a third party with an expired certificate that contains non-public information and see how fast they renew their certificate. Basically you are now taking responsibility for any breach in the slight chance that anything does happen (man-in-the-middle, or otherwise) because you now know about the problem. Have them acknowledge the expired SSL certificate on their end and sign off on any potential litigation that may result if a breach does happen to occur.

-Shawn Dermenjian

On 7/16/2010 1:10 PM, Daniel Sichel wrote:
> OK, I am in the Golden state (California) where things are not so golden
> at the moment.
> I deal with a state agency and use their "secure" ftp site.
> Their certificate has expired and won't be renewed for a few weeks, but
> they want me to continue to ftp stuff
> Using their expired cert.
>
> So, as a relative n00b, what are the risks?
>
> Does it still encrypt even though, obviously, it can't be verified?
>
> My guess is that this still encrypts, but there is no authentication,
> possibly creating a man in the middle opportunity for some
> Nefarious person with evil intent (nobody I know, or who is on this
> list, of course).
>
>
> Anyway, any info would be welcome from the cognoscenti who subscribe
> here.
>
> Thanks,
> Dan Sichel
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
