OK, I am in the Golden state (California) where things are not so golden at the moment. I deal with a state agency and use their "secure" ftp site. Their certificate has expired and won't be renewed for a few weeks, but they want me to continue to ftp stuff Using their expired cert.
So, as a relative n00b, what are the risks? Does it still encrypt even though, obviously, it can't be verified? My guess is that this still encrypts, but there is no authentication, possibly creating a man in the middle opportunity for some Nefarious person with evil intent (nobody I know, or who is on this list, of course). Anyway, any info would be welcome from the cognoscenti who subscribe here. Thanks, Dan Sichel _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/