delegating SSL certificates
Bill Squier
groo at old-ones.com
Mon Mar 17 13:33:32 EDT 2008
On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote:
> | >> So at the company I work for, most of the internal systems have
> | >> expired SSL certs, or self-signed certs. Obviously this is bad.
> | >
> | >You only think this is bad because you believe CAs add some value.
> |
> | Presumably the value they add is that they keep browsers from
> popping
> | up scary warning messages....
> Apple's Mail.app checks certs on SSL-based mail server connections.
> It has the good - but also bad - feature that it *always* asks for
> user approval if it gets a cert it doesn't like.
Fixed in Leopard. Certificate handling in general appears to be
better -- although I can't be sure Tiger didn't let you fiddle with
fine-grained entitlements as to when to trust a cert.
-wps
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list