[Info-vax] forum.vmssoftware.com/

bill bill.gunshannon at gmail.com
Mon Sep 11 10:59:52 EDT 2023


On 9/11/2023 10:06 AM, Johnny Billquist wrote:
> On 2023-09-11 10:02, David Wade wrote:
>> On 11/09/2023 03:34, Arne Vajhøj wrote:
>>> On 9/10/2023 9:56 PM, Arne Vajhøj wrote:
>>>> There is something going on with that site.
>>>>
>>>> I tried again.
>>>>
>>>> FF gives cert revoked every time now.
>>>>
>>>> Chrome works. And says that the cert expires Tuesday, September 19, 2023
>>>> at 7:59:59 PM.
>>>
>>> I tried via work.
>>>
>>> Chrome works.
>>>
>>> FF does not work but gives a different error:
>>>
>>> "Bad Server Certificate" and certificate expiration is 11-Nov-2284 
>>> 07:08:23.
>>>
>>> WTF??
>>>
>>> Arne
>>>
>>>
>> Every certificate contains a URL for a certificate revocation list 
>> (CRL). So if a certificate is compromised, for example because its 
>> private key is stolen, it can be revoked.
> 
> What kind of broken scheme is that? You get a URL and are supposed to
> check if something is ok based on this? How hard would it be to direct
> that to somewhere else and fake things?
> 
>> What you are seeing is the fact that Chrome and Edge don't check the
>> CRL but FF does.
> 
> Which is bad, but also shows how much you can trust certificates or 
> sites, based on your browser approving of them.
> 

On this whole certificate thing.  I have never understood why I am
expected to trust a certificate issued by someone I don't know and
have no reason to trust in the first place.

If you think that certificate someone gave you is really secure take
a look at recent papers about a safe manufacturer who gave the
government a code that opens every safe they have sold.  Are you
sure there isn't a back door for your certificate?  Do you trust that
the issuer wouldn't give it to someone other than you?

bill
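
An added example, not part of the original thread: the CRL mechanism discussed above, showing that a client accepts a fetched CRL only if it is signed by the certificate's issuer, so a list served from a redirected URL is rejected rather than believed. It assumes the third-party Python `cryptography` package; the CA, site name, serial numbers and URL are constructed for illustration, and no chain or validity-period checks are performed.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2023, 9, 11)              # constructed date
CRL_URL = "http://crl.example.test/ca.crl"  # constructed placeholder URL

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject, issuer, pubkey, signing_key, serial, crl_url=None):
    b = (x509.CertificateBuilder().subject_name(name(subject)).issuer_name(name(issuer))
         .public_key(pubkey).serial_number(serial)
         .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=90)))
    if crl_url:  # the "URL for a CRL" lives in the CRL Distribution Points extension
        dp = x509.DistributionPoint([x509.UniformResourceIdentifier(crl_url)], None, None, None)
        b = b.add_extension(x509.CRLDistributionPoints([dp]), critical=False)
    return b.sign(signing_key, hashes.SHA256())

def make_crl(issuer, signing_key, revoked_serials):
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for s in revoked_serials:
        b = b.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(s).revocation_date(NOW).build())
    return b.sign(signing_key, hashes.SHA256())

def crl_urls(cert):
    ext = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    return [n.value for dp in ext for n in (dp.full_name or [])]

def check(cert, crl, ca_cert):
    """Return 'untrusted-crl', 'revoked' or 'good' for cert against a fetched CRL."""
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()):
        return "untrusted-crl"  # not signed by the issuing CA: ignore its contents
    hit = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    return "revoked" if hit is not None else "good"

# Constructed sample PKI: one CA, one site certificate, two candidate CRLs.
ca_key, site_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
ca_cert = make_cert("Example CA", "Example CA", ca_key.public_key(), ca_key, 1)
site = make_cert("site.example.test", "Example CA", site_key.public_key(), ca_key, 1001, CRL_URL)
real_crl = make_crl("Example CA", ca_key, [1001])  # published by the CA, revokes serial 1001
fake_crl = make_crl("Example CA", rogue_key, [])   # same issuer name, signed with another key
```

How a client treats the "untrusted-crl" case (fail closed, or carry on as if no CRL were available) is a policy choice that differs between clients.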
