You might not worry, as you understand what is happening in the process,
and you also know how to stop IE from caring, but most users will care.
Cheers
Mike
At 03:20 PM 23/05/2000 -0700, you wrote:
>This is also sort of a behaviour question. If someone connects to a
>web server and that server's certificate has expired, should that
>person really be concerned since the information they're sending back
>to the server is still probably encrypted?
>
>In IE you can turn off the two options "check for publisher's
>certificate revocation" and "check for server certificate revocation"
>and if you did and you connected to a server with a revoked
>certificate, wouldn't the information passed between you and the
>server still be encrypted?
>
>I'm asking because I was at some web site and they had a VeriSign logo
>on their main page and when I clicked on it it said their certificate
>had expired, although their form page that was using a certificate was
>using a valid certificate, but it got me to wondering if I really
>should have worried anyhow, as an end user.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
