This is also sort of a behaviour question. If someone connects to a
web server and that server's certificate has expired, should that
person really be concerned since the information they're sending back
to the server is still probably encrypted?
In IE you can turn off the two options "check for publisher's
certificate revocation" and "check for server certificate revocation"
and if you did and you connected to a server with a revoked
certificate, wouldn't the information passed between you and the
server still be encrypted?
I'm asking because I was at some web site and they had a VeriSign logo
on their main page and when I clicked on it it said their certificate
had expired, although their form page that was using a certificate was
using a valid certificate, but it got me to wondering if I really
should have worried anyhow, as an end user.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
