[thelist] Secure Site Expiration

Keith cache at dowebscentral.com
Sun May 5 11:22:01 CDT 2002


At 08:52 AM Sunday 5/5/02, Belinda wrote:

>When we questioned it we were told "he assured me it was secure, but that
>their security had expired and though it was renewed, the company had not
>added the lock back."
>
>Am I correct that this is either pure BS, or he is honestly ignorant?


It could be that he's honestly ignorant, but it's probably BS. Either way
the site is NOT secure unless the protocol is https and the lock icon is
working. The lock icon is NOT something that he can turn on or off, the
browser will always and only show the lock icon when an SSL session has
been established, and that can happen only with the https protocol. The
only way he can "add the lock back" is to get a secure cert working with
the https protocol.

I went to the checkout page where CC number is entered and tried to change
the protocol to https and got a "server not available" which means there is
no cert and no https server available for that page, period.

You have to wonder about doing business with a third party shopping cart
company that would let their cert expire. I've yet to run across a CA who
fails to notify you that your cert is scheduled to expire in adequate time
to renew it. In fact, Verisign, in a totally dishonest campaign, now has a
robot reading expiration dates on certs that they did not originally sell
and sending an email to the site owner to "renew now by clicking here" in
hopes of tricking the site owner into "renewing" with their more expensive
cert. In short this site had plenty of opportunity to renew before the cert
went dead on them.  At any rate they could have the site secure in minutes,
if they wanted to. Ignorance or BS, it doesn't matter, they are negligent
either way.

As for your response, I'd assume that a company that sells secure services
knows how SSL works, I'd consider it BS and not be nice about it in my reply.

But I'm a bit confused. Is buysharpsigns.com the company website, or is it
the third party site?



keith

cache at dowebscentral.com




More information about the thelist mailing list