Full Disclosure mailing list archives
Re: FD / lists.grok.org - bad SSL cert
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Jan 2009 11:25:58 -0800
SSL certs cost money. This one works the same. etc..
Uh, no, actually CAs provide some weak assurance that the certificate is the real one and associated with that server. A self-signed one provides none. If you can't, in some way, authenticate the certificate then SSL is not any better than sending data plain text. It's not that I approve of the current SSL PKI regime, but it's still better than none. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FD / lists.grok.org - bad SSL cert Gary Wilson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Avraham Schneider (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Michael Krymson (Jan 07)
- Re: FD / lists.grok.org - bad SSL cert Anders B Jansson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Rob Thompson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Noel Butler (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Adrenalin (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert chort (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Rob Thompson (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Avraham Schneider (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Valdis . Kletnieks (Jan 05)
- Re: FD / lists.grok.org - bad SSL cert Tim (Jan 05)
- The merits and uses of CAs Christopher Pritchard (Jan 05)
- Re: The merits and uses of CAs Valdis . Kletnieks (Jan 05)