Hello all,

Sunday, February 24, 2008, Thomas Fernandez wrote:

> Not I "must". I "should". And if I don't do it, I must live with the
> consequences. I "must not" be nannied by my email program - especially
> since other email programs don't nanny the user. They give a pop-up
> warning and then let the user accept the expired certificate if he so
> chooses. Please don't treat me like a child, I know what I'm doing.

I am against "such" security. If you accept security, you should accept its policy. For example, from RFC2246:

F.1.1. Authentication and key exchange

TLS supports three authentication modes: authentication of both parties, server authentication with an unauthenticated client, and total anonymity. Whenever the server is authenticated, the channel is secure against man-in-the-middle attacks, but completely anonymous sessions are inherently vulnerable to such attacks. Anonymous servers cannot authenticate clients. If the server is authenticated, its certificate message must provide a valid certificate chain leading to an acceptable certificate authority. Similarly, authenticated clients must supply an acceptable certificate to the server. Each party is responsible for verifying that the other's certificate is valid and has not expired or been revoked.

--
Bye

Marek Mikus
Czech support of The Bat!
http://www.thebat.cz

Using the best The Bat! 4.0.14.5
under Windows XP 5.1 Build 2600 Service Pack 2
with MyMacros, XMP, AnotherMacros, NOD32 Antivirus plugin
and AntispamSniper v 2.7.1.7
Notebook Toshiba, Core2 Duo 1.83 GHz, 1 GB RAM

________________________________________________________
Current beta is 4.0.14.4 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

