In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] (David Woolley) writes:
>In article <[EMAIL PROTECTED]>,
>Steve Kostecke <[EMAIL PROTECTED]> wrote:
>
>> We are using a self-signed SSL certificate.
>
>Which means that you have little more security than if you weren't using
>one at all (note although SSL can negotiate no authentication, I don't
>think that normal browsers or servers permit that - that's because an
>unauthenticated connection is basically insecure!).

Absolutely - and where is the need for this imagined security on a public
bug-reporting system anyway? (It seems to be something of a trend in that
particular area.)

>> Most people choose to accept this certificate
>
>Most people don't understand the purpose of certificates. They think
>they are used and needed for encryption, whereas encryption is perfectly
>possible with a purely transient public key, but is vulnerable to a
>man in the middle attack. If they did understand them, they would be
>cautious of using the many e-commerce sites whose certificates don't
>match the business they think they are dealing with. (One can probably
>trust Worldpay to authenticate their merchants, but many certificates are
>for unknown web hosting companies.)

The really bad part about using these unverifiable certificates is that
"most people" get conditioned into believing that a certificate warning
is a perfectly normal thing, just click OK and go ahead. Of course many
"most people" click OK on any and all popups without even reading the
message, but why make things worse?

>> (hopefully after examining
>> it).
>
>Anyone examining it should realise that, unless they take steps to
>authenticate the certificate by other means (a notarised paper copy of
>the fingerprint?), they could actually be talking to almost anyone.
>You look at certificates to see if you trust the counter-signatory,
>and to see if the subject name matches the organisation it purports to
>belong to well enough that no-one except that organisation could have
>convinced the counter-signatory to counter sign it.

But there is obviously no way to establish that the claimed
counter-signatory isn't totally faked by just looking at the certificate
(or even "examining" it). Anyone can produce certificates that have
Verisign or whatever as the Issuer DN - only after (programmatically)
verifying the signature of the certificate against a trusted CA
certificate from the Issuer does the text string in the certificate have
any significance at all. So the only thing that can be achieved by
"examining" a self-signed certificate like this is the realization that
it can't be trusted, which is just what the browser popup told you in the
first place.

--Per Hedeland
[EMAIL PROTECTED]
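
The point made in the reply above, that an Issuer DN is only text until the certificate's signature is verified against a trusted CA certificate, shown as an added example that is not part of the original thread. It assumes the Python `cryptography` package; every name and key in it is constructed for the demonstration.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def dn(org, cn):
    return x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, org),
                      x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def issue(subject, issuer, subject_key, signing_key):
    """Build a certificate; the Issuer DN is whatever text the signer writes."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject)
            .issuer_name(issuer)
            .public_key(subject_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(signing_key, hashes.SHA256()))


def signed_by(cert, trusted_ca):
    """True only if the trusted CA's key produced the signature on cert."""
    if cert.issuer != trusted_ca.subject:
        return False
    try:
        trusted_ca.public_key().verify(
            cert.signature, cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


# Constructed names and throwaway keys, generated fresh on every run.
CA_DN = dn("Example Trusted CA", "Example Root")
SITE_DN = dn("Example Org", "bugs.example.org")
ca_key, impostor_key, site_key = (
    ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
ca_cert = issue(CA_DN, CA_DN, ca_key, ca_key)           # root the client trusts
genuine = issue(SITE_DN, CA_DN, site_key, ca_key)       # signed by the real CA
forged = issue(SITE_DN, CA_DN, site_key, impostor_key)  # same Issuer text, other key
self_signed = issue(SITE_DN, SITE_DN, site_key, site_key)  # consistent only with itself

if __name__ == "__main__":
    for label, cert in [("genuine", genuine), ("forged", forged)]:
        print(label, cert.issuer.rfc4514_string(), signed_by(cert, ca_cert))
```

The genuine and forged certificates print the same Issuer string; only the signature check against the trusted root tells them apart, and the self-signed certificate verifies against nothing but itself.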
