I am also flipping over to HTTPS, and chrome is reporting that the cert is valid, and upon inspection all looks as it should be. The trust chain goes up to a Versign root cert, so my guess is that is a bad cert you are seeing, and if inside china it might just be a plain old mitm.
-Andrew On Oct 5, 2014, at 11:52 PM, Eric S Johnson <[email protected]> wrote: > I just got back to CN from a vacation. I’m now (in all three main Windows > browsers) seeing yahoo.com automatically flip over to HTTPS--and then give a > bad cert error. The *root* cert is listed as yahoo.com and is valid “23 Sep > 14 to 23 Sep 15.” > > Is Y! experimenting with making access to their resources always-only-HTTPS? > Are they having certificate problems? “HTTP only” seems like a good direction > in which to go, but teaching people to accept bad cert warnings seems like a > bad direction in which to go. > > Best, > Eric > OpenPGP: 0x1AF7E6F2 ● Skype: oneota ● XMPP/OTR: [email protected] ● > Silent Circle: +1 312 614-0159 > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you > moderated:https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > [email protected].
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
