Schneier on Security
A blog covering security and security technology.
« Dan Geer on Trade-Offs and Monoculture |
| Rare Risk and Overreactions »
May 17, 2007
The e-mail EPIC Alert comes out twice a week from the Electronic Privacy Information Center. It's a great resource for information on privacy and policy, both in the U.S. and abroad.
Subscribe online here.
Posted on May 17, 2007 at 11:31 AM
• 8 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
How come I'm getting invalid certificate authority messages when I go to that site . . .
One would think
> How come I'm getting invalid certificate authority messages when I go to that site . . .
One would think
And they issued it to themselves, so it's not like they have to go to a lot of trouble ...
It would be nice if they could make this an RSS feed.
Sign up for a security mailing list through a self signed expired certificate? Is this a test to see if we're paying attention to everything Bruce has been telling us over the years?
Really - certificates are so overrated. The only real benefit to most end users is that some degree of encryption is used to convey the data between two essentially arbitrary endpoints. If you are relying on the certificate to in some way validate the authenticity or veracity of the information you are viewing, well, no then you haven't been paying attention to Bruce over the years.
Another vote for an RSS feed.
You make an excellent point. In this particular case, I'd argue that the amount of attention someone paid to the security certificate (it only expired 5 months ago) is, arguably, indicative of the amount of care and attention given to other parts of the site. Something as inconsequential as, say, veracity of information presented or other trivial things.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.