Even without checking the certificate, https is more secure than plain http. Of course you are vulnerable to MITM attacks (just as you are with http), but at least you are secure from passive attacks.
I really don't understand why browsers show a scary warning when you try to connect to a web page by https with an untrusted certificate... but show no warning at all when you connect to a much less secure plain http page.

On Sunday, August 9, 2015 at 19:21:03 (UTC+2), Michael Orlitzky wrote:
>
> On 08/09/2015 07:09 AM, Volker Braun wrote:
> > Yes, though we don't have a certificate for *.sagemath.org. Besides the
> > cost, you also need to periodically renew etc. Though I'm hoping that
> > Let's Encrypt (https://letsencrypt.org) will fix that. Launching this
> > September...
>
> Just use a self-signed cert and post the fingerprint. If we trust you
> enough to click that URL, we trust you enough to post the fingerprint.
> For anyone who cares, that process is more secure than using a CA cert.
> Anyone who doesn't care or who believes the browser warning can use
> plain http.
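
The fingerprint check discussed in this thread, as an added example that is not part of the original messages: a client that skips CA validation but refuses to talk unless the server certificate's SHA-256 fingerprint equals a published one. The function names, the choice of SHA-256, and the accepted fingerprint formats are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Accept 'AA:BB:...', spaced or plain hex; return 64 lowercase hex digits."""
    digits = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(digits) != 64 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return digits


def fingerprint(der_cert):
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert, published):
    """True only if the certificate hashes to the published fingerprint."""
    return hmac.compare_digest(fingerprint(der_cert),
                               normalize_fingerprint(published))


def connect_pinned(host, published, port=443, timeout=10.0):
    """Return a TLS socket whose peer certificate matched the pin.

    CA and hostname checks are disabled on purpose: a self-signed
    certificate has no chain to validate, so the pin is the only trust
    anchor. Nothing is sent over the channel before the pin is checked,
    and the socket is closed if the check fails.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # binary_form=True yields the DER bytes even when validation is off.
    if not matches_pin(tls.getpeercert(binary_form=True), published):
        tls.close()
        raise ssl.SSLError("certificate fingerprint does not match the pin")
    return tls
```

The pin protects only as well as the channel it was published over; a fingerprint fetched over the same unauthenticated connection it is meant to verify adds nothing.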