On Sat, 9 Nov 2013 09:22:12 -0500 Paul Syverson paul.syverson@nrl.navy.mil allegedly wrote:
On Sat, Nov 09, 2013 at 12:50:18PM +0000, mick wrote:
I don't see any problem per se with a self-signed certificate on a site which does not purport to protect anything sensitive (such as financial transactions). The problem with this particular certificate is that the common name identifier is both wrong (www) and badly formatted (http://). But both of those errors can be corrected very quickly.
Why pay a CA if you don't trust the CA model?
You may want to take a look at https://blog.torproject.org/blog/life-without-ca
Paul
Thanks for the pointer - nice post. I tend to agree, though I am not personally that fanatical about deleting all CAs in my browser. I /am/ deeply sceptical about what any particular SSL cert may, or may not, be telling me.
I use self signed certs on my email server and on my website. But they are there to protect my authentication. I do not expect anyone else to trust them.
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------