>Any system that does not maintain up-to-date certificates is just broken; >an invitation for security vulnerabilities to be exploited in situations >where expired or revoked certificates can be exploited. Validating the >certificate chain should be the default and any other option available >should come with language that strongly discourages their use. Doing >anything else would be giving people a false sense of security.
I'm not DISAGREEING with you that it's important; I just wonder how good of a job operating systems do here. More investigation is needed. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
