Re: I'd like to get rid of pulseaudio but ... (Gene Heskett)

On Sun, May 31, 2009 at 13:26:17 -0500,
  Chris Adams <cmadams@xxxxxxxxxx> wrote:
> Once upon a time, Kevin Kofler <kevin.kofler@xxxxxxxxx> said:
> > Most likely it's just a self-signed SSL certificate. Very common, and
> > Firefox stupidly throws a fit over it (which is dumb because it encourages
> > sites to just use unencrypted HTTP instead, which is even less secure, yet
> > gets through with no warning). Just OK the certificate.
> 
> HTTPS with an unknown self-signed cert is barely any more secure than
> unencrypted HTTP, since a man-in-the-middle attack could just be
> replacing the cert and decrypting all communications.

No, it is a much harder attack than snooping. To do man in the middle you need
to be able to take packets out of the stream and redirect them. This needs to
be done in real time and if you guess wrong about whether the other end knows
what the certificate is, people are going to notice you doing it.

> However, the reason to "throw a fit" is that end-users have been trained
> that "HTTPS == secure".  They know that HTTP is not secure, but they
> don't know the details of how SSL/TLS work to know that "HTTPS with
> unknown cert != secure".

And be sure to note that a certificate signed by RSA, Thawte or whoever doesn't
equate to secure either. Unless you have verified the end certificate
yourself you don't know that the organization on the other end is who you
really mean to be talking to.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
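
The point both posters circle around, shown as an added example that is not part of any message in this thread: a client that has verified a server's certificate itself can notice a replaced certificate, while a client with no prior knowledge cannot. The host name, the byte strings standing in for certificates and the `PinStore` class are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 over the DER bytes of a certificate."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """Per-host record of a certificate fingerprint the user has verified."""

    def __init__(self):
        self._pins = {}

    def pin(self, host: str, der_cert: bytes) -> None:
        # Call only after checking the fingerprint over a separate channel.
        self._pins[host] = fingerprint(der_cert)

    def check(self, host: str, der_cert: bytes) -> str:
        known = self._pins.get(host)
        if known is None:
            # Nothing to compare against: a substituted cert looks the same
            # as the genuine one to this client.
            return "unverified"
        if hmac.compare_digest(known, fingerprint(der_cert)):
            return "match"
        return "mismatch"

# Constructed stand-ins for DER certificates; on a live connection the bytes
# would come from ssl.SSLSocket.getpeercert(binary_form=True).
GENUINE = b"constructed-der-bytes:server-self-signed"
SUBSTITUTED = b"constructed-der-bytes:replaced-in-transit"
HOST = "intranet.example"  # hypothetical host name

def run_scenario() -> list:
    store = PinStore()
    results = []
    results.append(store.check(HOST, SUBSTITUTED))  # no prior knowledge
    store.pin(HOST, GENUINE)                         # verified out of band
    results.append(store.check(HOST, GENUINE))
    results.append(store.check(HOST, SUBSTITUTED))  # replacement is noticed
    return results

if __name__ == "__main__":
    print(run_scenario())
```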