We have been remiss in not keeping the controversial, allegedly "secure and anonymous" whistleblowing website WikiLeakS.org under proper scrutiny recently.
Some details from the Digital Certificate:
CN = Equifax Secure Global eBusiness CA-1
O = Equifax Secure Inc.
C = US
(16/05/2007 13:43:49 GMT)
(16/05/2008 13:43:49 GMT)
CN = secure.wikileaks.org
OU = Domain Control Validated - RapidSSL(R)
OU = See www.rapidssl.com/resources/cps (c)07
OU = GT46622659
O = secure.wikileaks.org
C = US
Neither of the issuing Trusted Third Parties i.e. RapidSSL and Equifax, now have any legal duty to guarantee the integrity of an expired Digital Certificate. Most web browser software will pop up warning messages, which will, inevitably, either put some people off from reading the website or from submitting new documents.
Since even the Talk pages require the use of https://secure.wikileaks.org, there is now no method of submitting comments or analyses "securely" either.
Remember that WikiLeakS.org only published PGP public key encryption and digital signing key for firstname.lastname@example.org (ID: 0x11015F80), has also expired since 2nd November 2007.
This gives a poor impression of the competence and trustworthiness of the WikiLeakS.org project.
Technically you can still use these expired encryption credentials to send messages or documents to WikiLeakS.org, but why should anyone trust them ?
Even a self-signed, but valid Digital Certificate, (with appropriate documentation as to why you should trust it) , would be preferable to a standard commercial Digitial Certificate, which has obviously expired. By convention and common usage, such an invalid Digital Certificate, and by extension the formerly "secure" webserver on which it resides, and can no longer to be trusted.