Groklaw - Digging for Truth

	When you want to know more...

Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines

ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books

Gear

Groklaw Gear

You won't find me on Facebook

Donate

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments

Sponsors

Hosting:

On servers donated to ibiblio by AMD.

Webmaster

Certificates 101 | 178 comments | Create New Account

Comments belong to whoever posts them. Please notify us of inappropriate comments.

Certificates 101

Authored by: greed on Sunday, August 19 2012 @ 02:03 PM EDT

I do the same thing; though I do have my root certificate in equipment I
regularly use.

The other thing I'm seeing these days is, browsers "remembering" which
certificate was present last time you visited a site. This also helps prevent
MITM attacks.

For example, I went to my bank's website yesterday. Got the SSL certificate,
it's valid until May 2013, happily go about my business.

I go back to the site today, and it's a different certificate. Browser alerts
me, saying the certificate has changed--and yet it was no-where near expiry.

Unfortunately, the user interface I saw this with still had some way to go. It
worked very well for those of us who actually know how SSL and the trust chains
work. But, of course, it was just another error message to click
"Whatever, keep going" on for most people.

[ Reply to This | Parent | # ]

Fake certificates - Authored by: SpaceLifeForm on Sunday, August 19 2012 @ 06:24 PM EDT
- Fake certificates - Authored by: JimDiGriz on Sunday, August 19 2012 @ 11:24 PM EDT
- Bad Cert for a DIFFERENT Site - Authored by: Anonymous on Monday, August 20 2012 @ 02:57 AM EDT
  - Bad Cert for a DIFFERENT Site - Authored by: Anonymous on Monday, August 20 2012 @ 04:37 AM EDT
    - Bad Cert for a DIFFERENT Site - Authored by: Anonymous on Monday, August 20 2012 @ 05:42 AM EDT
Certificates 101 - Authored by: Anonymous on Sunday, August 19 2012 @ 07:17 PM EDT

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )