On Sun, Dec 8, 2013 at 2:00 AM, Drak <d...@zikula.org> wrote:
> There is really no excuse for not using an SSL certificate. Without one it
> would be trivial for an attacker to change the contents of the page via
> MITM.

Having control of the site gives you a cert regardless, as several CAs
will issue a cert to anyone who can make a http page appear at a
specific URL at the domain when requested via the CA over http.

It really is darn near pretextual security in this kind of case— only
protecting you against attacks near the client, not the server— but as
Wladimir says, it's expected and I don't see how it would be a harm.

The revocation argument is somewhat interesting, especially since any
such site should use HSTS or otherwise a downgrade attack is trivial.

_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
