Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert

From: Tim <tim-security_at_nospam>
Date: Mon Jan 05 2009 - 19:25:58 GMT
To: James Matthews <nytrokiss@gmail.com>

> SSL certs cost money. This one works the same. etc..

Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text. It's not that I approve of the current SSL PKI regime, but it's still better than none.

tim

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
Previous message: Michael Krymson: "[Full-disclosure] to those who want moderation..."
In reply to: James Matthews: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
Next in thread: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"
Reply: Valdis.Kletnieks_at_nospam: "Re: [Full-disclosure] FD / lists.grok.org - bad SSL cert"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]