If a company hasn't renewed it's certificate, it is either out of business
or inept at keeping them up to date. Both are legitimate concerns for any
user.
John
-----Original Message-----
From: Rusty Wright [mailto:[EMAIL PROTECTED]]
Sent: 23 May 2000 23:20
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: expired certificate question
This is also sort of a behaviour question. If someone connects to a
web server and that server's certificate has expired, should that
person really be concerned since the information they're sending back
to the server is still probably encrypted?
In IE you can turn off the two options "check for publisher's
certificate revocation" and "check for server certificate revocation"
and if you did and you connected to a server with a revoked
certificate, wouldn't the information passed between you and the
server still be encrypted?
I'm asking because I was at some web site and they had a VeriSign logo
on their main page and when I clicked on it it said their certificate
had expired, although their form page that was using a certificate was
using a valid certificate, but it got me to wondering if I really
should have worried anyhow, as an end user.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
