[Users] [Bulk] Re: Certificate pop-up message

Kevin Chadwick ma1l1ists at yahoo.co.uk
Thu Oct 4 18:44:36 CEST 2012


> > It's in the spec, so fair enough but the date doesn't actually matter
> > assuming a high enough bit key, just whether the key is secure and
> > currently valid matters, which should be verified anyway. This could  
> 
> An expired certificate is neither secure nor valid. This is what
> "expired" means. It's the very definition of the term.
>

It certainly doesn't define that. In the case I have stated it is not
expired; it is mistakenly thought to have gone past the intended
replacement date.

> > even be a user issue that he can't solve, such as a flat BIOS battery.
> > Something the HSTS (I think that's the right one) chose to ignore when
> > prodded even though it stops me using it on my site as some users
> > such as a mate of mine would get a needless DoS when a forced redirect
> > such as via PHP that allows ignoring the date would do.
> 
> Are you serious? Dates and times are important to proper mail handling
> and even more important to high-level crypto-systems like Kerberos and
> SSL. If your friend's computer's clock doesn't work then the computer
> is broken. Tell your friend to fix his computer or get it fixed.

His clock does work; it's just forgotten the time.

Right, so you want him to pay fifty pounds to replace a battery in
a laptop worth a hundred pounds. If it could be replaced in minutes I
would have done so for him, but that's beside the point as many have
no access to friends who can do so and all computers' BIOS batteries
die and NTP is no guarantee. Like Linux has problems with fsck that
OpenBSD doesn't here, if an encryption technology doesn't fit into the
real world it is the encryption tech that is broken, but that isn't
the case for SSL anyway, only for HSTS if I have the right RFC and it
hasn't been changed.

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________


