Full Disclosure mailing list archives

Expired certificate

From: "Daniel Sichel" <daniels () Ponderosatel com>
Date: Fri, 16 Jul 2010 10:10:00 -0700

OK, I am in the Golden state (California) where things are not so golden
at the moment.
I deal with a state agency and use their "secure" ftp site. 
Their certificate has expired and won't be renewed for a few weeks, but
they want me to continue to ftp stuff
Using their expired cert.

So, as a relative n00b,  what are the risks?

Does it still encrypt even though, obviously, it can't be verified? 

My guess is that this still encrypts, but there is no authentication,
possibly creating a man in the middle opportunity for some 
Nefarious person with evil intent (nobody I know, or who is on this
list, of course).


Anyway, any info would be welcome from the cognoscenti who subscribe
here.

Thanks,
Dan Sichel 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Expired certificate Daniel Sichel (Jul 16)
- Re: Expired certificate Larry Seltzer (Jul 16)
  - Re: Expired certificate Dimitry Andric (Jul 16)
    - Re: Expired certificate Valdis . Kletnieks (Jul 16)
    - Re: Expired certificate Jan Schejbal (Jul 21)
    - Re: Expired certificate Ryan Castellucci (Jul 22)
- Re: Expired certificate Junk Meat (Jul 16)
  - Re: Expired certificate bk (Jul 16)
    - Re: Expired certificate Junk Meat (Jul 16)
    - Re: Expired certificate bk (Jul 16)
    - Re: Expired certificate Junk Meat (Jul 17)

(Thread continues...)