A self-signed certificate does not establish a secure connection between Alice a... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tptacek on Aug 15, 2008 | parent | context | favorite | on: Mozilla SSL policy bad for the Web

A self-signed certificate does not establish a secure connection between Alice and Bob, because Alice can't verify the certificate. Bob can send his certificate, Mallory can trivially intercept it and replace it with her own, and nobody will be the wiser.

Let's not encourage people to adopt security mechanisms that provide no real security. Let's make the security mechanisms we have today, which are strong enough to stop many governments and all of the largest corporations, cost-effective and easier to deploy. Let's solve the right problems, instead of trying to make ourselves feel better by sugarcoating browser warning messages.

aristus on Aug 15, 2008 [–]

It took me a while to get what you are saying, but you are right. I didn't know what I was talking about.

Unless you have a means of verifying the public key fingerprint I you are SOL. Wish I had more modpoints for you.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact