Security Basics mailing list archives

Re: Expired certificates


From: edward.luck () didata com au
Date: 27 Apr 2006 04:26:38 -0000

This is an interesting issue, and the answer really depends on how evangelistic you are regarding PKI.  Since the 
content protected by the certificate does not use it - and I assume will never use it again - personally I don't 
believe it's a big problem.

*However*, people should never be given an excuse to get into the habit of ignoring certificate errors.  Any time an 
active website uses an invalid certificate, it only encourages poor user behaviour.  Ergo, you can say that it's best 
to remove any invalid certificates, which is being a good security citizen, which in turn helps keep the trust model of 
PKI working.
