On Sat, 24 Sep 2016 12:43:55 -0400, Jeffrey Honig said:
Any system that does not maintain up-to-date certificates is just broken; an invitation for security vulnerabilities to be exploited in situations where expired or revoked certificates can be exploited. Validating the certificate chain should be the default and any other option available should come with language that strongly discourages their use. Doing anything else would be giving people a false sense of security.
Like having 600+ root CA certificates *isn't* a false sense of security? :)
pgpduJKs7cdB7.pgp
Description: PGP signature
_______________________________________________ Nmh-workers mailing list Nmh-workers(_at_)nongnu(_dot_)org https://lists.nongnu.org/mailman/listinfo/nmh-workers