[thelist] Secure Site Expiration

[Pete Freitag]

yes if it's HTTPS you are getting encrypted transactions, no matter how good
your cert is, you can even generate the cert yourself, it will be secure,
but not necessarily trusted.

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Belinda Johnson
Sent: Sunday, May 05, 2002 7:04 PM
To: thelist at lists.evolt.org
Subject: RE: [thelist] Secure Site Expiration




RE: It's still a secure transaction, it's all still encrypted if even if the
certificate is expired.  What is the expiration date there for besides
making the cert signers more money?  I suppose it lessens the problems if
your private key gets stolen since it will expire, but it doesn't add any
security.


But Pete - it's not a secure transaction - the server is not using SSL at
all - even though the END END result is to pass the information from the
cart to suthorize.net, it still has to get from the first browser page to
the next one - WITH credit card information there - unencrypted - correct?

Please correct me if I am wrong - that's why I posted this here in the first
place - my understanding is that technically, yes, a certificate could be
expired and the process could still be secure IF it were taking place under
https instead of http - the person placing the order would simply get a
popup window most likely that warned that the certificate was expired (at
which point I would immediately stop the transaction personally just
because)

Is this correct?

Belinda


--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !