nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Microsoft deems all DigiNotar certificates untrustworthy, releases

From: David Israel <davei () otd com>
Date: Tue, 13 Sep 2011 10:54:25 -0400
On 9/13/2011 10:29 AM, Tei wrote:

*a random php programmer shows*

He, I just want to self-sign my CERT's and remove the ugly warning that
browsers shows. I don't want to pay 1000$ a year, or 1$ a year for that. I
just don't want to use cleartext for internet data transfer.  HTTP is like
telnet, and HTTPS is like ssh. But with ssh is just can connect, with
browsers theres this ugly warning and "fuck you, self-signed certificate"
from the browsers.  Please make the pain stop!.
With ssh, you will get a warning if the remote host key is not known, with a fingerprint and advice not to accept it if you don't know if it is correct. This is a direct analog to the warning that the remote host's certificate cannot be verified. In both cases, you are given the chance to accept the key/certificate and continue going; depending on the implementation, you might also be given the option to accept it once or forever. Ssh is actually prone to bigger, uglier, more explicit "you probably don't want to trust this" warnings, especially about things like key changes.
Previous By Date Next
Previous By Thread Next

Current thread: