Duane wrote:
> Ram0502 wrote:
>
> > key update or certificate renewal). This means that if I am a customer
>
> Renewal doesn't usually affect the private key

I agree that it doesn't have to be this way but I bet few people change their keys very often; I suspect certificate renewal is about the only time it happens. I know at least one public CA that requires key changes at the first renewal past a certain key age.

> ... Although multiple
> servers with different private keys would be an issue... The thing is
> while you're hiding the fingerprints someone else is intercepting your
> traffic with a different key and unless you dig into the SSL dialogs you
> virtually can never tell if anyone is proxying your traffic or not...

I think you're saying that because the user isn't comparing key (or cert.) fingerprints that they don't know who they are actually connected to. My expectation when I'm at home is that my browser will show me the certificate details of the site *my* SSL session is terminating at - which may be a proxy server. I'm pretty sure that's the behavior of Moz., FF, and IE - am I wrong?

_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
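The thread distinguishes a certificate fingerprint from a key fingerprint. The following is an added example, not part of the original message: it hashes the whole certificate and, separately, its SubjectPublicKeyInfo, to show which of the two survives a renewal that keeps the key and which changes when a different key is presented. The certificates are constructed, unsigned, certificate-shaped DER built inline; `make_cert`, the key bytes and `example.test` are assumptions made for the demo.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos=0):
    """Return (value, end) for the TLV that starts at pos."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                      # long form: low bits give the length's size
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return buf[pos:pos + n], pos + n

def children(body):
    """Split a SEQUENCE body into its child TLVs, headers included."""
    out, pos = [], 0
    while pos < len(body):
        end = read_tlv(body, pos)[1]
        out.append(body[pos:end])
        pos = end
    return out

def fingerprints(cert):
    """Return (SHA-256 of the whole certificate, SHA-256 of its SubjectPublicKeyInfo)."""
    tbs = children(read_tlv(cert)[0])[0]
    fields = children(read_tlv(tbs)[0])
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # skip optional [0] version
    spki = fields[5]                  # serial, sigAlg, issuer, validity, subject, SPKI
    return hashlib.sha256(cert).hexdigest(), hashlib.sha256(spki).hexdigest()

def make_cert(serial, not_after, key):
    """Constructed, unsigned, certificate-shaped DER; demo input only."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
    atv = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, b"example.test"))
    name = der(0x30, der(0x31, atv))
    validity = der(0x30, der(0x17, b"050101000000Z") + der(0x17, not_after))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 33))   # dummy signature

KEY_A, KEY_B = bytes(range(64)), bytes(range(64, 128))   # constructed key bytes
original = make_cert(1, b"060101000000Z", KEY_A)
renewed = make_cert(2, b"070101000000Z", KEY_A)    # renewal, key kept
proxied = make_cert(3, b"070101000000Z", KEY_B)    # different key presented
```

Comparing `fingerprints(original)` with `fingerprints(renewed)` and `fingerprints(proxied)` shows the certificate hash changing in both cases, while the SubjectPublicKeyInfo hash changes only when the key does.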
