>> What matters is not the certificate. The certificate is public.
>> You can’t “steal" a certificate.
>>
>> What you *can* steal is the private key associated with a
>> certificate, and the more time goes by the more likely it becomes
>> that someone has done so.
>>
>> However, the expiration
Ron Garret writes:
> The whole idea of an expiration date (rather than an issue date)
> on a certificate is a sort of a scam by the CAs to coerce people
> into renewing (and hence paying for) their certificates on a regular
> schedule. I think some CAs don’t even enforce the use of a new key
>
John R. Levine writes:
> >But all of this is rather a moot point nowadays. Now that letsencrypt is
> >live, there is no reason to pay for a cert any more.
>
> Try getting a let's encrypt cert for your mail server. Or getting an EV
> cert.
EV certs are definitely not available from Let's
Authors of ransomware as a service such as encryptor RaaS steal
certificates all the time.
On 6/24/2016 2:30 PM, Ron Garret wrote:
What matters is not the certificate. The certificate is public. You can’t
“steal" a certificate.
What you *can* steal is the private key associated with a
EV certs are definitely not available from Let's Encrypt, but you can
get a certificate for your mail server by using the DNS challenge type,
which just requires you to place a specified record into your DNS zone.
While the Certbot client doesn't support this mechanism, several other
Let's
On Fri, Jun 24, 2016 at 2:30 PM, Ron Garret wrote:
> What matters is not the certificate. The certificate is public. You can’t
> “steal" a certificate.
>
> What you *can* steal is the private key associated with a certificate, and
> the more time goes by the more likely it
I originally sent this to John Levine privately, but the discussion seems to
have leaked onto this list so I’m re-sending my response to John here for the
record.
Begin forwarded message:
> From: Ron Garret
> Subject: Re: [cryptography] MalwareBytes
> Date: June 24, 2016 at
But all of this is rather a moot point nowadays. Now that letsencrypt is live,
there is no reason to pay for a cert any more.
Try getting a let's encrypt cert for your mail server. Or getting an EV
cert.
R's,
John
___
cryptography mailing list
What matters is not the certificate. The certificate is public. You can’t
“steal" a certificate.
What you *can* steal is the private key associated with a certificate, and the
more time goes by the more likely it becomes that someone has done so.
However, the expiration date is completely
In article <576d6d35.3080...@gmail.com> you write:
>Do you want to take chances in a world of stolen certificates?
Why is this certificate more likely to be stolen today than it was a
week ago? It's the same certificate, it hasn't changed.
R's,
John
>On 6/24/2016 11:09 AM, Jason Richards
Do you want to take chances in a world of stolen certificates?
On 6/24/2016 11:09 AM, Jason Richards wrote:
I just downloaded the new MBAM installer.
Its certificate expired 6/19/2016.
Should I just ignore that fact?
I wouldn't ignore it at all.
The certificate that signed the code
>> I just downloaded the new MBAM installer.
>>
>> Its certificate expired 6/19/2016.
>>
>> Should I just ignore that fact?
>
> I wouldn't ignore it at all.
The certificate that signed the code expired? If the certificate was
valid when the code was signed then there should be no issues. Nothing
12 matches
Mail list logo