On Sunday 31 May 2009, Chris Adams wrote:
>Once upon a time, Kevin Kofler <kevin.kofler@xxxxxxxxx> said:
>> Most likely it's just a self-signed SSL certificate. Very common, and
>> Firefox stupidly throws a fit over it (which is dumb because it encourages
>> sites to just use unencrypted HTTP instead, which is even less secure, yet
>> gets through with no warning). Just OK the certificate.
>
>HTTPS with an unknown self-signed cert is barely any more secure than
>unencrypted HTTP, since a man-in-the-middle attack could just be
>replacing the cert and decrypting all communications.
>
>However, the reason to "throw a fit" is that end-users have been trained
>that "HTTPS == secure". They know that HTTP is not secure, but they
>don't know the details of how SSL/TLS work to know that "HTTPS with
>unknown cert != secure".

+1000

>--
>Chris Adams <cmadams@xxxxxxxxxx>
>Systems and Network Administrator - HiWAAY Internet Services
>I don't speak for anybody but myself - that's enough trouble.

Yeah, my mouth has been known to write checks I then had to cover. :)

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

A closed mouth gathers no foot.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines