YDL.net signon screen is not secure... What to do about it?

[Gavin Hemphill]

Yes I certainly would.   Then they could use pop3s as well
	G++

Rick Thomas wrote:
> The login screen for YDL.net is not secure.  This means that your
> YDL.net password can be snooped by anybody listening in to your traffic.
> 
> I've pointed out this problem to the YDL support folks.  They replied,
> quite reasonably, that things were pretty busy right now, what with v3.0
> and YDL.net launching at the same time, and all, and they only had one
> SSL certificate, which was in use for the store machine.  They promised
> that they would get around to ordering more SSL certificate(s) for the
> YDL.net machine(s) as soon as things quieted down.
> 
> I suggested in reply that the "early adopters" on YDL.net might be
> willing to put up with a "self-signed" cert (which YDL could generate
> right away, at no cost), as long as its fingerprint was published in a
> public and reliable place -- such as on the store machine, which already
> has a certificate (issued by Thawte, a reputable certifier).
> 
> I offered to do a straw-poll to find out if you-all thought this was reasonable.
> 
> 
> So, how about it, YDL.net'ers?  Would you be willing to accept a
> self-signed certificate in order to keep your YDL.net password secure? 
> I know I would.
> 
> 
> Rick
> 
> 
> PS:  If you have never done it before, accepting a self-signed
> certificate takes about 2 minutes (including time to check the
> fingerprint).  If YDL decides to do this, I'll post a simple "how to" to
> this list.
> 
> Warning -- accepting a self-signed cert cannot be done using MS Internet
> Explorer.  M$, in their infinite wisdom, have decided that this is
> something we should not be allowed to do.  Netscape (and most other
> browsers) have no such restriction.
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general