On Tue, 2007-12-04 at 19:51 -0500, Owen Taylor wrote: > On Wed, 2007-12-05 at 00:34 +0000, Stef Walter wrote:
> > A TCP connection is basically untrusted. And an SSL connection to > > someone we can't verify is the same from a trust perspective. > > > > Of course, if someone (like Pat with his mail server) has noted a > > specific certificate to be trust worthy, then it will be treated as > > trusted whether or not we have a root CA for it. > > > > But presenting the user with the choice every time is wrong in my opinion. > > Yes, asking the user is wrong... TLS was designed to have central > signing authorities. To make it work as designed, you have to *DENY* the > self-signed case and force server admins to do one of: > > A) Buy a cert from an existing CA > B) Work with others to create an alternate CA system > C) Tell their users how to install a certificate Not even that is really secure. All it means is that someone paid a CA money for a cert. If someone buys a cert from verisign and then sets up a bank site using a domain name that is a misspelled version of some known bank your browser would still say this was a secure site. _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
