The CA root certificates have very long expiration dates, so this is
much less of a problem than you may assume.

It's still an issue -- CA certs could possibly be revoked in the event
of a vulnerability or theft. But those are relatively remote
possibilities, beyond what most phone apps would need to consider.

On Aug 21, 9:16 am, DanH <danhi...@ieee.org> wrote:
> The current cert may only be good for another 6-12 months.  And if the
> site isn't directly under the control of the app developer, the cert
> may change at any time, and may even be changed to use a different
> root.
>
> There's probably no good solution to this problem, but the best I can
> think of is to embed another app in your app that simply installs the
> necessary cert(s), then have a way for that app to be updated as
> needed.
>
> On Aug 21, 7:09šam, Kostya Vasilyev <kmans...@gmail.com> wrote:
>
>
>
> > Right, it does. If the site in question is part of the phone application's
> > infrastructure, I personally would find it acceptable.
>
> > --
> > Kostya Vasilyev --http://kmansoft.wordpress.com
>
> > 21.08.2010 16:06 ÐÏÌØÚÏ×ÁÔÅÌØ "DanH" <danhi...@ieee.org> ÎÁÐÉÓÁÌ:
>
> > That assumes that the web site's cert won't change for the life of the
> > app.
>
> > On Aug 21, 3:18 am, Kostya Vasilyev <kmans...@gmail.com> wrote:
>
> > > š Ajay,
>
> > > A more cryptographically correct solution would be to install the
> > > missing Óertfiicate pieces wit...
> > > > On Fri, Aug 20, 2010 at 8:46 PM, Kostya Vasilyev <kmans...@gmail.com
> > > > <mailto:kmans...@gmail....
> > > > š š You being able to open the site in desktop browser and on a
> > > > š š Blackberry seems to impl...
>
> >http://groups.google.com/group/android-developers/browse_thread/threa...
>
> > > > š š This is a hack to accept all certificates.
>
> > > > š š -- Kostya
>
> > > > š š 20.08.2010 16:07,...
> > > > š š š š using the following site:http://www.digicert.com/helpandittold
> > > > š š š š that it was installed properly on the server.
>
> > > > š š š š On Aug 20, 4:39 pm, Kostya V...
> > > > š š š š <mailto:kmans...@gmail.com>> šwrote:
>
> > > > š š š š š š š Ajay,
>
> > > > š š š š š š This can happen because the certificate is not signed by...
> > > > š š <mailto:android-developers@googlegroups.com>
> > > > š š To unsubscribe from this group, send email to
> > > > š š android-developers+unsubscr...@googleg...
> > > > š š 
> > > > <mailto:android-developers%2bunsubscr...@googlegroups.com<android-developer
> > > >  s%252bunsubscr...@googlegroups.com>
>
> > > > š š For more options, visit this group at
> > > > š šhttp://groups.google.com/group/android-develope...

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Reply via email to