Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Always. (Score 1) 627

by tim_olsen (#23932471) Attached to: When Is a Self-Signed SSL Certificate Acceptable?

Now, I understand perfectly well that Verisign and its brethren have made a huge industry out of scamming consumers into thinking that identification is indeed something that a certificate provides; but that is marketing illusion and nothing more. Hokum and hand-waving.

Yep. If you read the fine print they admit that they cannot vouch for the identity of the website. From their end-user agreement (downcased to bypass /. filters):

6. disclaimer of warranty. ... verisign makes no representation or
warranty to any person that any ca or user to which it has issued a
certificate in the verisign secure server hierarchy is in fact the
person or organization it claims to be in the information supplied to
verisign or that any ca or user is in fact the person or organization
listed in the certificate. verisign makes no assurances of the
accuracy, authenticity, integrity, or reliability of information
contained in certificates or in other certificate status mechanisms
compiled, published or disseminated by verisign, or of the results of
cryptographic methods implemented in connection with such
certificates. ...

panic: kernel trap (ignored)