On Thu, 2002-05-16 at 05:28, Bear Giles wrote:
[snip]
>
> with the moderately more useful
>
> encrypted connection to eris.example.com
> Chaos and Despair, Unlimited.
> Turmoil Division
> (cipher: DES-CBC3-SHA, bits 168)
>
> (Specifically, the "common name", "organization name" and
> "organizational unit name" fields of the server's cert.)
>
> Before anyone else points it out, anyone can put anything they want
> into their own self-signed cert. So the value of this is limited
> until there's either a trusted local root cert store (like what
> web browsers use) or a trusted PKIX infrastructure. But it's better
> than nothing if you routinely connect to multiple servers, and it
> will get people used to seeing the information.
>
Would it be useful therefore to add [unverified] to the start of the
listing -a trusted certificate verification option later would make this
[verified]? Then the format doesn't change once you implement a trusted
certificate infrastructure.
Regards
John
--
John Gray
Azuli IT
www.azuli.co.uk
