There are many cases where self-signed certs are not an option. Or, rather, any cert signed by a non-trusted CA.
- Some browsers do not allow you to click "yes" at all. Think older IE browsers which simply gave you the "something is wrong" page. It may be a completely valid cert in Mozilla, but with this browser you can't view the page no matter how much you want to. For example, the latest version of Blazer for my Palm has no such feature, so I'm screwed.
- If you do get the SSL warning and the option to say "yes", how do you know you're not the victim of a man-in-the-middle attack? In order to click "yes" you should verify that the SHA1 and MD5 fingerprints are correct. Do you carry a copy of these around in your wallet so you can use that web page when you're on the road? I didn't think so.
Unless you actually control both endpoints (say you are setting up SSL using Stunnel on machines you run), self-signed certs are not perfectly secure. Or, if you do verify everything as you should, you have introduced a huge hassle in performing secure SSL.
But think of the publicity of ...
wait, no one can see the damned thing.
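The fingerprint check the post describes (comparing the SHA1 or MD5 fingerprint the browser shows against a copy you recorded out of band), written out as an added Python example; this is not code from the post. It computes fingerprints in the colon-separated form browsers display, compares a presented cert against the pinned value with a constant-time comparison, and shows that a substituted cert fails the check. The byte strings `MY_CERT_DER` and `SUBSTITUTED_CERT_DER` are constructed stand-ins for real DER certificates, and all function names are hypothetical. `fetch_peer_cert_der` shows how the DER bytes would be read from a live connection; it is a network call and is not exercised in the offline demo.

```python
import hashlib
import hmac
import socket
import ssl

# Fingerprint algorithms browsers of the era displayed. MD5 is collision-broken and
# SHA1 is deprecated; prefer SHA-256 where the viewer shows it, then SHA1, and treat
# MD5 as a last resort.
FINGERPRINT_ALGOS = ("sha1", "md5", "sha256")


def fingerprint(der_cert: bytes, algo: str = "sha1") -> str:
    """Return the cert fingerprint in the colon-separated upper-case hex form
    that browsers show in the certificate viewer, e.g. 'A9:99:3E:...'."""
    if algo not in FINGERPRINT_ALGOS:
        raise ValueError(f"unsupported fingerprint algorithm: {algo}")
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Accept a fingerprint as typed from a wallet card: with or without colons
    or spaces, in any case."""
    return "".join(ch for ch in fp.upper() if ch in "0123456789ABCDEF")


def matches_pin(der_cert: bytes, pinned_fp: str, algo: str = "sha1") -> bool:
    """True if the presented cert's fingerprint equals the value recorded out of
    band. hmac.compare_digest avoids leaking how many leading bytes matched."""
    actual = normalize(fingerprint(der_cert, algo))
    expected = normalize(pinned_fp)
    return hmac.compare_digest(actual.encode(), expected.encode())


def fetch_peer_cert_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the server's leaf certificate in DER form without trusting any CA.
    CA verification is disabled here only so the cert can be read and then checked
    against the pin; do not send application data over such a context until
    matches_pin() has returned True. (Network call; not run in the offline demo.)"""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode changes
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # binary_form=True returns the DER bytes even when the cert was not validated
            return tls.getpeercert(binary_form=True)


# --- Constructed demo input (not real certificates) -----------------------------------
# Stand-ins for the DER bytes of the cert you generated and of one an attacker in the
# middle would present instead. Real DER begins with an ASN.1 SEQUENCE tag (0x30);
# these are just short byte strings chosen so the expected hashes are well known.
MY_CERT_DER = b"abc"
SUBSTITUTED_CERT_DER = b"abd"

# The value you would have written on the card in your wallet: SHA1 of MY_CERT_DER.
WALLET_SHA1 = "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"


def demo() -> dict:
    """Fingerprints of the genuine cert and the outcome of the pin check for both certs."""
    return {
        "sha1": fingerprint(MY_CERT_DER, "sha1"),
        "md5": fingerprint(MY_CERT_DER, "md5"),
        "genuine_ok": matches_pin(MY_CERT_DER, WALLET_SHA1),
        "mitm_ok": matches_pin(SUBSTITUTED_CERT_DER, WALLET_SHA1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check accepts the fingerprint however you copied it down (colons, spaces, lower case) and only passes when the presented cert hashes to exactly the recorded value, which is what makes a pinned self-signed cert safe against a substituted one; the hassle the post complains about is that the pin still has to travel with you.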