Matthias Clasen <mclasen <at> redhat.com> writes:
> Making it this annoying may be the only way to get some of the web sites
> fixes. I'd certainly hope that it has this effect for the RH/Fedora
> servers...
"Get them fixed" as in "force them to shell out loads of money to the
certificate cartels"... What security does this bring in practice? Consider
that many phishing sites have valid (!) SSL certificates, whereas several
legitimate sites have self-signed certificates.
And no, I don't need a theory rehash about man-in-the-middle attacks, I know
that valid certificates prevent these, but in practice MITM isn't what's used
for real-world attacks, phishing-gangster-at-the-other-end is, and SSL
certificates have shown highly vulnerable to these (because let's face it, the
certificate cartels' real motivation is to make money, they'll do as few
verifications of their clients as they'll get away with).
Kevin Kofler
_______________________________________________
Fedora-art-list mailing list
Fedora-art-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-art-list
