who cares??

i am happy aslong as there is a cryptation there.

the cert is just bullshit so companys can steal my money.

if they whant to hack the oregin there is not really a probelm for the hacker.

This functionality makes for a cool demo of microsoft technologies with their CA and browser. A good use case is that an enterprise does not have to distribute the CAs through group policies or whatever since its users are all on the corporate standard browser. Usually the disappointment sets in when you realize that the actual corporate standard (ie6) doesn’t support all of the cool functionality (I’m not sure about the AIA feature, though, which may work in ie6) and that a lot of users are trying to ditch the corporate standard by running firefox.

It is not surprising that dell appears to be using a dell-operated CA (almost certainly running microsoft’s CA) to issue this ssl server cert.

I believe that Sarari (and almost certainly IE but I didn’t test) showed the certificate as valid because they can do more dynamic work to build the certificate chain. The fancy work is to process the certificate AIA extension to fetch the CA for the certificate being evaluated and thereby dynamically build the certificate chain to a trusted root – gte cybertrust. Sadly, I didn’t do a packet capture just then, and the behavior has been updated to support Firefox.

I expect that someone only tested with IE and didn’t catch that other browsers didn’t work. The fix was to have the web server send the intermediate CA certs in the chain, too. This is interesting because I have not seen browsers do the dynamic path building using the AIA extension outside of a lab.

When Reuters Health processed credit-card purchases (it no longer does), we self-certified. It’s impossible to say how many people didn’t buy because of that, obviously, but only one person ever complained during the entire couple of years.