On Sun, Oct 28, 2012 at 05:10:39PM +0100, Changaco wrote: > On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote: > > Sure, but I was talking about a proper certificate signed by a > > well-known registrar, at which point the https client would default to > > verify the signature against the system certificate store. > > It doesn't matter what kind of certificate the server uses since the > client generally doesn't know about it, especially on first connection. > Some programs remember the certificate between uses and inform you > when it changes, but that's not perfect either.
The client doesn't have to know about it, if it can verify a chain of trust via the system cert store, as I said above. regards, iustin _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
