On 3/24/2023 9:30 AM, Simon Roberts wrote:
On this, I would disagree. The certificate verifies that the
*connection* has not been usurped by a "man in the middle" attack, and
thereby that the target site is the one you believe it to be. The
certificate says absolutely nothing about the quality or reliab\ility
of the content of the site. So, if you are concerned about the
(extremely small, to be fair) risk that there's a pirate version of a
site being fed to you, you need to ensure the certificate is validated.
Sorry, I was really being unclear.
I did NOT mean "without first checking with the site owners" and that
using an address from them from before (in other words, I would not
trust a "contact address" not obtained until the site had an expired
warning.
I did NOT mean for any and all purposes. It would depend very much on
what I was doing at the site, how I was going to be interacting with it.
Until the problem fixed, would not download software, would not log in
for any financial activities, etc. LOOK at the site, yes. Thus I might
look at a vendor site while doing comparison shopping, checking for
product availability, etc. but not place an order.
Michael D Novack
_______________________________________________
gnucash-user mailing list
gnucash-user@gnucash.org
To update your subscription preferences or to unsubscribe:
https://lists.gnucash.org/mailman/listinfo/gnucash-user
-----
Please remember to CC this list on all your replies.
You can do this by using Reply-To-List or Reply-All.
