Am 02.07.2015 um 16:04 schrieb drago01:
On Thu, Jul 2, 2015 at 2:33 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:Am 02.07.2015 um 02:30 schrieb Michael Catanzaro:On Wed, 2015-07-01 at 19:59 -0400, Paul Wouters wrote:Principles are good and well. But how many times did you actually USE that option you so reluctantly implemented? :)Actually, I honestly don't remember ever using it except testing it during development. I just don't visit broken sites. They are few and far between nowadaysthat's nonsense a self signed certificate is exactly as secure as a CA certificate you pay for after there are hundrets and thousands by default trusted CA's in the browsers with the only difference you have to accept it onceNo its not. Because everyone can issue them you can't really know whether it is from who it claims to be from ... even in case you can its in case an attacker gains access of it the issuer can't really revoke it anymore. Browsers do show those warnings for self signed certs for a reason and that reason is *not* to sell certificates
*lol* and with a CA certificate you can?given that there are thousands of CA's and you need *only one* with a broken verfication process to get a certificate for whatever you want you can't and if you would read IT news you would know that
the CA system is broken by design
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
