|
Full Disclosure
mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Jan 2009 11:25:58 -0800
SSL certs cost money. This one works the same. etc..
Uh, no, actually CAs provide some weak assurance that the certificate is
the real one and associated with that server. A self-signed one
provides none. If you can't, in some way, authenticate the certificate
then SSL is not any better than sending data plain text. It's not that
I approve of the current SSL PKI regime, but it's still better than
none.
tim
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: FD / lists.grok.org - bad SSL cert James Matthews (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
Re: FD / lists.grok.org - bad SSL cert chort (Jan 05)
(Thread continues...)
|
