YDL.net signon screen is not secure... What to do about it?
Gavin Hemphill
yellowdog-general@lists.terrasoftsolutions.com
Thu Mar 27 17:58:00 2003
Yes I certainly would. Then they could use pop3s as well
G++
Rick Thomas wrote:
> The login screen for YDL.net is not secure. This means that your
> YDL.net password can be snooped by anybody listening in to your traffic.
>
> I've pointed out this problem to the YDL support folks. They replied,
> quite reasonably, that things were pretty busy right now, what with v3.0
> and YDL.net launching at the same time, and all, and they only had one
> SSL certificate, which was in use for the store machine. They promised
> that they would get around to ordering more SSL certificate(s) for the
> YDL.net machine(s) as soon as things quieted down.
>
> I suggested in reply that the "early adopters" on YDL.net might be
> willing to put up with a "self-signed" cert (which YDL could generate
> right away, at no cost), as long as its fingerprint was published in a
> public and reliable place -- such as on the store machine, which already
> has a certificate (issued by Thawte, a reputable certifier).
>
> I offered to do a straw-poll to find out if you-all thought this was reasonable.
>
>
> So, how about it, YDL.net'ers? Would you be willing to accept a
> self-signed certificate in order to keep your YDL.net password secure?
> I know I would.
>
>
> Rick
>
>
> PS: If you have never done it before, accepting a self-signed
> certificate takes about 2 minutes (including time to check the
> fingerprint). If YDL decides to do this, I'll post a simple "how to" to
> this list.
>
> Warning -- accepting a self-signed cert cannot be done using MS Internet
> Explorer. M$, in their infinite wisdom, have decided that this is
> something we should not be allowed to do. Netscape (and most other
> browsers) have no such restriction.
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general