LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Firefox 3 SSL certificate warnings

Firefox 3 SSL certificate warnings

Posted Aug 28, 2008 1:37 UTC (Thu) by joedrew (guest, #828)
Parent article: Firefox 3 SSL certificate warnings

There is a risk of man-in-the-middle attacks from self-signed certificates because anyone can create certificate that purports to be for any other given web site.

I can't emphasize this enough: if you are on the wrong network, all your (for example) amazon.com traffic can be redirected to someone else, and the only way you will know is because the certificate will be self-signed. This is enormously scary, and until Firefox has Key Continuity Management, the scary self-signed cert warnings will have to do.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds