john_j_ke...@ao.uscourts.gov (John Kelly) writes:
> Here's my response from IBM FeedBack about it. I find that it goes away
> after a while but happens mostly with Firefox. When I get it, I go to IE
> and get in OK. I had an offline line email from someone else who's had the
> problem and they accepted the site and apparently got in.

it isn't so much that it is an invalid certificate ... it is an
incorrect certificate. the whole point is that the domain name in the
certificate is supposed to correspond to the URL that the browser is
using. browsers have some rules about wild-card (fuzzy) match between
what is in the certificate and what the URL they are using ... in
general, domain names have to EXACTLY match the URL ... or for
wild-card, the trailing part (in the certificate) has to match the
corresponding field in the URLs used by the browser.

long ago and far away, we were brought in to consult with a small
client/server startup that wanted to do payment transactions on their
server ... and they had invented this technology called SSL that they
wanted to use (the result is now frequently called electronic commerce).
As part of the effort, we had to do some in-depth review of the protocol
and browser operation ... as well as business process walkthrus with
some of the new operations calling themselves Certification Authorities.
misc. past posts about ssl digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcerts

it turns out that there were several security assumptions about how all
the pieces actually fit together and worked ... in some number of cases,
some of those security assumptions were almost immediately violated
(which can be considered at the root of some number of current
compromises).

-- 
42yrs virtualization experience (since Jan68), online at home since Mar1970
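
Added example, not part of the original post: a sketch of the name check described above, comparing the host in the URL with the DNS names in a certificate. It goes slightly beyond the post by applying the common RFC 6125 convention that a wildcard is only the whole leftmost label and covers exactly one label; the function names and the sample certificate names are assumptions made up for illustration.

```python
from urllib.parse import urlsplit


def host_from_url(url):
    """Return the lower-cased host that is compared against the certificate."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % url)
    return host.rstrip(".")


def name_matches(cert_name, host):
    """Compare one certificate DNS name with the host taken from the URL."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(cert_labels) != len(host_labels):
        return False
    # Wildcards are only honoured in the leftmost label.
    if any("*" in label for label in cert_labels[1:]):
        return False
    if cert_labels[0] == "*":
        # Require two fixed trailing labels so a name like "*.com" never matches.
        if len(cert_labels) < 3:
            return False
        return cert_labels[1:] == host_labels[1:]
    if "*" in cert_labels[0]:
        return False  # partial wildcards such as "w*" are rejected in this sketch
    return cert_labels == host_labels  # otherwise the names must match exactly


def url_matches_certificate(url, cert_names):
    """True if any name in the certificate covers the host in the URL."""
    host = host_from_url(url)
    return any(name_matches(name, host) for name in cert_names)


# Constructed sample: names a hypothetical certificate was issued for.
CERT_NAMES = ["www.example.com", "*.shop.example.com"]

if __name__ == "__main__":
    for url in ("https://www.example.com/login",
                "https://pay.shop.example.com/",
                "https://a.b.shop.example.com/",
                "https://example.com/"):
        print(url, url_matches_certificate(url, CERT_NAMES))
```

A mismatch result here corresponds to the browser warning discussed in the thread: the certificate may be validly issued, but for a different name than the one in the URL.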
