Re: Certificate

To: mutt-users@xxxxxxxx
Subject: Re: Certificate
From: Kyle Wheeler <kyle-mutt@xxxxxxxxxxxxxx>
Date: Wed, 21 Jan 2009 08:54:28 -0600
Comment: DomainKeys? See http://domainkeys.sourceforge.net/
Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=memoryhole.net; h=date :from:to:subject:message-id:references:mime-version:content-type :in-reply-to; s=default; bh=1SPcN3Rk6bDAISZBYwy2iTEg/N0=; b=f5/x +75tLLlOa1RDL2/k4BmktuzX8vbLr2Szn6GHt1l2+QaDHZ2C8MnwLKemggZ/Gd+R +XMKUHlzsbdiEslABNJVVcj4lVcVBUSao0dglWKx47qm4y1J40CNmsW8BsWK9xhd A2iaHhv08XRFQ6TO6inwCj6kaNLolbJfCk80oqE=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=memoryhole.net; b=ktgg0UJo+B24JlFnsjy2pELvHeSeKE9lS/mqOQB2uRS4N+1945wmpqvO8C8ifoJ8yN73VO7y18qw7hJeo8PQpytwzJmnnQOAnnrwDnQaKno+2Vs30RVpaI8yO8SjZdPmYk2ef7wJdctj7lruSpqDH+WkqMntOCxOSq9KGvqueiU=; h=Received:Received:Date:From:To:Subject:Message-ID:Mail-Followup-To:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:OpenPGP:User-Agent;
In-reply-to: <4976CCBC.80505@xxxxxxxxx>
List-post: <mailto:mutt-users@mutt.org>
List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-users"
Mail-followup-to: mutt-users@xxxxxxxx
Openpgp: id=CA8E235E; url=http://www.memoryhole.net/~kyle/kyle-pgp.asc; preference=signencrypt
References: <4976CCBC.80505@xxxxxxxxx>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.19 (2009-01-11)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, January 21 at 09:20 AM, quoth Tolga:
> When I connect to one remote server, I am told that my certificate 
> expired and get "(r)eject, accept (o)nce". When I connect to another 
> one, I don't get it. What is this and what to do about it?

It's not *your* certificate that's expired, it's *their* certificate.

Whenever you connect to a server and encrypt that connection (i.e. 
with SSL), the server must have an encryption certificate to use for 
encrypting the connection (I'm being very broad here, but for the 
purposes of this discussion, this is relatively accurate). These 
certificates are generally only good for a certain amount of time (for  
several very good reasons), and so have an expiration date embedded in 
them. When you connect to a server, the server sends you information 
about its certificate that includes the expiration date. So what's 
happening is that one of the servers you connect to is using an 
expired certificate. Now, generally, that's bad: expired certificates 
*can* be a sign that someone has brute-forced the certificate and is 
performing a man-in-the-middle attack against you. Or it can also be a 
sign of a system administrator that's asleep at the wheel. Either way, 
it's something that needs to be fixed.

Unfortunately, there's very little YOU can do to fix it, other than 
complain loudly to the people in charge of that particular server.

~Kyle
- -- 
If I had been married earlier in life, I wouldn't have seen the double 
helix. I would have been taking care of the kids on Saturday. On the 
other hand, I was lonely a lot of the time.
                                                        -- James Watson
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iEYEARECAAYFAkl3NyQACgkQBkIOoMqOI16nTgCgs4ZZAcbJ1zPQbqSL1SNoBM38
j44AoMuMAfBqcKg6Yn5zLLa9oa0sq7yT
=UHYW
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Certificate
  - From: Tolga

References:
- Certificate
  - From: Tolga

Prev by Date: Re: definition of signature separator
Next by Date: Re: definition of signature separator
Previous by thread: Certificate
Next by thread: Re: Certificate
Index(es):
- Date
- Thread