Subj : Re: Cert Security To : Rich From : Robert Comer Date : Thu Mar 29 2001 01:14 am From: "Robert Comer" >> Really?<< Yep. >> You have no other software that uses TLS or SSL? << Nope, no other. >>How about S/MIME or other form of secure email?<< Now that I think about it we have Notes, but they have their own mechanism -- all certificates are easily revocable by the admin if needed, and we have no public keys, only private ones. >> In regard to IBM, visit https://www.ibm.com/ and look at the certificate for the site. Now, what happens if someone else issues a certificate for www.ibm.com and delivers it to someone other than IBM.<< Don't need to, but so -- my complaint has always with the design of the system and if I'm not mistaken, MS had a heavy hand in how things were set up to begin with. >> That aside, George's question is flawed or else he misunderstands something. Internet Explorer is perfectly capable of checking revocation of certificates but that doesn't help if the certification authority doesn't include in the certificate the locations to check for certificate revocation lists.<< No, Geo.'s question is not flawed, the specs for the certificates are -- that should have been *required* info. - Bob Comer "Rich" <@> wrote in message news:3ac30388@w3.nls.net... --- BBBS/NT v4.00 MP * Origin: Barktopia Gating Project http://HarborWebs.com:8081 (1:379/45) .