Firefox 3 SSL certificate warnings
Posted Aug 29, 2008 16:11 UTC (Fri) by giraffedata
In reply to: Firefox 3 SSL certificate warnings
Parent article: Firefox 3 SSL certificate warnings
From the user point of view, isn't a self-signed certificate equal to unencrypted?
Self-signed is better than unencrypted because with unencrypted, an eavesdropper can get your password. With self-signed, he can't.
But with respect to impostors and men in the middle, they're equivalent.
Simply not displaying any claim of security, as you suggest, for the self-signed certificate is probably better than the dire warning. But it would also be nice to see some icon that tells me that, while I might be talking to an impostor, at least no one can eavesdrop on me. Since it's significantly harder for someone to intercept my traffic than just look at it, there are things I would risk in that case that I wouldn't risk on a totally unencrypted connection.
However, I don't know that there's any practical way to make the average user understand this mid-level security. So by default, it would be better to make no claim at all.