André Warnier wrote:
It is my understanding that we could set up our own "certificate authority" (CA) and create our own server certificates. A customer browser, upon the first connection, would pop up some message indicating that it cannot verify this certificate, and offering maybe to "authorise" our own CA as a valid one. Once they did this, the popup would not happen again, and their communications with the website would be encrypted (which is the main point of the exercise).
An attacker can use precisely the same mechanism to serve their own certificate. Your website will have carefully trained the user in advance to ignore all security warnings and accept the rogue certificate. What a waste of time. The only thing you're protecting against is a passive attacker.
Cheers, Nicholas Sherlock --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx