[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS certificate validation

From: Ken Hornstein
Subject: Re: [Nmh-workers] TLS certificate validation
Date: Sat, 24 Sep 2016 22:13:53 -0400

>Any system that does not maintain up-to-date certificates is just broken;
>an invitation for security vulnerabilities to be exploited in situations
>where expired or revoked certificates can be exploited.  Validating the
>certificate chain should be the default and any other option available
>should come with language that strongly discourages their use.  Doing
>anything else would be giving people a false sense of security.

I'm not DISAGREEING with you that it's important; I just wonder how
good of a job operating systems do here.  More investigation is needed.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]