Julian Mehnle wrote: > The certificate isn't self-signed. It is signed by the new "openspf.org" > CA (which is of course unknown to IE, but that shouldn't stop it).
So far I haven't tested "accept new CA" with IE, but it should certainly be possible, after all my vintage '98 "mozilla-3" already can do this ;-) > Look for my message on spf-council about the new CA. Sorry, I missed the http://www.openspf.org/blobs/openspf.org-ca.pem URL in this article. It doesn't work with my browser, wrong format, maybe Content-Type: text/plain is (a part of) the problem. For a working example see http://noxa.de/ca.crt - they send Content-Type application/x-509-ca-cert starting with ----BEGIN CERTIFICATE----- My browser isn't impressed if I extract the file:///g%3A/tmp/openspf.crt from your PEM, it still happily displays it as text/plain, grumble... probably I miss a clue. >> When I tried it I found that "mozilla 3" won't like more than 1024 at >> some point of the openssl procedure, but obviously you avoided that >> trap. > Lucky you! Sharing this luck with amazon, paypal, postbank, yes. As soon as the SPF site needs more security than banking accounts don't hesitate to upgrade the certificates... > Next year things are probably going to look different. ...I doubt it. Businesses can't afford to ignore all those millions of Win98 or similar still around. Next year we might get "OpenID" because users have enough of managing (from their POV) irrelevant passwords. > The "(website) preferences" admin password is a shared password that > gives you extra privileges for administering the website. You don't > usually need it. What's it good for ? I've no clue what happened when it said "removed", is something important now unprotected ? Frank ------- To unsubscribe, change your address, or temporarily deactivate your subscription, please go to http://v2.listbox.com/member/?list_id=1996
