[thelist] Secure Site Expiration

Belinda Johnson belinda at prodsol.net
Sun May 5 18:05:01 CDT 2002


RE: It's still a secure transaction, it's all still encrypted if even if the
certificate is expired.  What is the expiration date there for besides
making the cert signers more money?  I suppose it lessens the problems if
your private key gets stolen since it will expire, but it doesn't add any
security.


But Pete - it's not a secure transaction - the server is not using SSL at
all - even though the END END result is to pass the information from the
cart to suthorize.net, it still has to get from the first browser page to
the next one - WITH credit card information there - unencrypted - correct?

Please correct me if I am wrong - that's why I posted this here in the first
place - my understanding is that technically, yes, a certificate could be
expired and the process could still be secure IF it were taking place under
https instead of http - the person placing the order would simply get a
popup window most likely that warned that the certificate was expired (at
which point I would immediately stop the transaction personally just
because)

Is this correct?

Belinda





More information about the thelist mailing list