[tor-relays] OT :Self-signed SSL certs - was - Re: Watching the attacks on my relay

mick mbm at rlogin.net
Sat Nov 9 14:44:35 UTC 2013


On Sat, 9 Nov 2013 09:22:12 -0500
Paul Syverson <paul.syverson at nrl.navy.mil> allegedly wrote:

> On Sat, Nov 09, 2013 at 12:50:18PM +0000, mick wrote:
> > > 
> > I don't see any problem per se with a self-signed certificate on a
> > site which does not purport to protect anything sensitive (such as
> > financial transactions). The problem with this particular
> > certificate is that the common name identifier is both wrong (www)
> > and badly formatted (http://). But both of those errors can be
> > corrected very quickly.
> > 
> > Why pay a CA if you don't trust the CA model?
> > 
> 
> You may want to take a look at
> https://blog.torproject.org/blog/life-without-ca
> 

Paul

Thanks for the pointer - nice post. I tend to agree, though I am not
personally that fanatical about deleting all CAs in my browser. I /am/
deeply sceptical about what any particular SSL cert may, or may not, be
telling me.

I use self signed certs on my email server and on my website. But
they are there to protect my authentication. I do not expect anyone
else to trust them. 

Mick

---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------
