[nSLUG] Evoting Rant

Dop Ganger nslug at fop.ns.ca
Wed Oct 17 12:49:26 ADT 2012


On Wed, 17 Oct 2012, Daniel AJ Sokolov @ mobile wrote:

> That's what I thought. So I sent emails to Tim Bousquet. Zero reaction so far.
>
> Maybe I'm was bad/too verbose with my explanation. Could you try with Tim or someone else at The Coast?
>
> For our discussion here: Can you please define what you mean by "untrusted"? The non-verification of fingerprints or something else?

You stated "They are unable to verify fingerprints of the SSL certificates 
in use", which therefore means the certificate is untrusted, yes?

Or did I misunderstand and you expected the officer to validate the SHA 
and/or MD5 fingerprint? If so, you were calling the wrong people - you 
should call the issuer (Verisign) to validate the fingerprint as they are 
the purported issuer of this certificate. In addition, I highly doubt you 
were talking to the person at HRM who requested the certificate, and even 
then if it is an issue of trust the requester is not the person to ask to 
verify as they are not the trusted party in this instance.

Cheers... Dop.


More information about the nSLUG mailing list