YDL.net signon screen is not secure... What to do about it?

Rick Thomas yellowdog-general@lists.terrasoftsolutions.com
Thu Mar 27 13:53:01 2003

The login screen for YDL.net is not secure.  This means that your
YDL.net password can be snooped by anybody listening in to your traffic.

I've pointed out this problem to the YDL support folks.  They replied,
quite reasonably, that things were pretty busy right now, what with v3.0
and YDL.net launching at the same time, and all, and they only had one
SSL certificate, which was in use for the store machine.  They promised
that they would get around to ordering more SSL certificate(s) for the
YDL.net machine(s) as soon as things quieted down.

I suggested in reply that the "early adopters" on YDL.net might be
willing to put up with a "self-signed" cert (which YDL could generate
right away, at no cost), as long as its fingerprint was published in a
public and reliable place -- such as on the store machine, which already
has a certificate (issued by Thawte, a reputable certifier).

I offered to do a straw-poll to find out if you-all thought this was reasonable.

So, how about it, YDL.net'ers?  Would you be willing to accept a
self-signed certificate in order to keep your YDL.net password secure? 
I know I would.


PS:  If you have never done it before, accepting a self-signed
certificate takes about 2 minutes (including time to check the
fingerprint).  If YDL decides to do this, I'll post a simple "how to" to
this list.

Warning -- accepting a self-signed cert cannot be done using MS Internet
Explorer.  M$, in their infinite wisdom, have decided that this is
something we should not be allowed to do.  Netscape (and most other
browsers) have no such restriction.
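
The fingerprint check proposed above, as an added example that is not part of the original post: compare the certificate a server presents with a fingerprint published on an already-trusted channel. The choice of SHA-256, the function names, and the sample bytes are assumptions made for illustration; the post does not name a hash algorithm.

```python
import hashlib
import ssl

def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; require SHA-256 length."""
    hexdigits = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(hexdigits) != 64 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexdigits

def der_fingerprint(der):
    """The fingerprint is a hash over the DER encoding of the whole certificate."""
    return hashlib.sha256(der).hexdigest()

def matches_published(der, published):
    """True only if the presented certificate hashes to the published value."""
    return der_fingerprint(der) == normalize_fingerprint(published)

def fetch_server_cert_der(host, port=443):
    """Retrieve the certificate a server presents, self-signed or not.

    No CA validation happens here, so the result is untrusted until
    matches_published() succeeds against a fingerprint obtained elsewhere.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

# Constructed sample: stand-in bytes, not a real certificate. The hash is
# computed over raw bytes, so the comparison logic is the same either way.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PUBLISHED = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_DER).digest())

if __name__ == "__main__":
    print("published:", SAMPLE_PUBLISHED)
    print("match:", matches_published(SAMPLE_DER, SAMPLE_PUBLISHED))
    print("tampered:", matches_published(SAMPLE_DER + b"\x00", SAMPLE_PUBLISHED))
```

The published value has to be read over a channel that is itself authenticated, such as the CA-certified store page the post mentions, otherwise the comparison proves nothing.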