Firefox 3 SSL certificate warnings

Posted Aug 30, 2008 1:57 UTC (Sat) by njs (guest, #40338)
In reply to: Firefox 3 SSL certificate warnings by giraffedata
Parent article: Firefox 3 SSL certificate warnings

> But with respect to impostors and men in the middle, they're equivalent.

Sometimes. But usually not... The most valuable thing about a self-signed certificate from my point of view is that you can detect when the cert changes -- so if someone hijacks your connection to a site you've used before, you *know*. This describes the vast majority of sites that I trust with sensitive information -- I have a relationship with them! And even if your first visit to some site gets hijacked, whenever you visit that site again later you will at least discover that it happened (because the real non-hijacked connection will use a different cert than you're expecting).


Firefox 3 SSL certificate warnings

Posted Aug 30, 2008 2:11 UTC (Sat) by giraffedata (subscriber, #1954)

> The most valuable thing about a self-signed certificate from my point of view is that you can detect when the cert changes

Good point.

But as a practical matter, is there any web browser that detects that? I appreciate that the two SSH clients I use do, but I thought web browsers didn't. I assume that the fact that one visits a lot more web sites than shell sites has a lot to do with it.

Firefox 3 SSL certificate warnings

Posted Aug 30, 2008 9:04 UTC (Sat) by njs (guest, #40338)

> But as a practical matter, is there any web browser that detects that?

No, sigh.

Well, you'll get the "it's self-signed, make an exception or run and hide?" dialogs again when the cert changes, but there's no notification that you *already* made an exception, so you'll probably treat it the same way you treat all the other dialogs like that, i.e. curse and click through.
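
The distinction this thread turns on, sketched as an added example (not part of the original comments and not Firefox's code): a trust-on-first-use store that tells "never seen this host" apart from "the certificate differs from the one already accepted", so the two cases can get different warnings. `PinStore`, `warning_for` and the certificate byte strings are hypothetical names and constructed sample values.

```python
import hashlib


class PinStore:
    """Trust-on-first-use store: host -> SHA-256 fingerprint of the DER cert."""

    def __init__(self):
        self.pins = {}  # in memory here; a real client would persist this

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        return hashlib.sha256(der_cert).hexdigest()

    def check(self, host: str, der_cert: bytes) -> str:
        """Return 'first_seen', 'match' or 'changed'; never modifies the store."""
        pinned = self.pins.get(host.lower())
        if pinned is None:
            return "first_seen"
        return "match" if pinned == self.fingerprint(der_cert) else "changed"

    def accept(self, host: str, der_cert: bytes) -> None:
        """Record the user's explicit decision to trust this certificate."""
        self.pins[host.lower()] = self.fingerprint(der_cert)


def warning_for(store: PinStore, host: str, der_cert: bytes):
    """Pick a dialog text that depends on whether an exception already exists."""
    status = store.check(host, der_cert)
    if status == "first_seen":
        return f"{host}: self-signed certificate, never seen before."
    if status == "changed":
        old = store.pins[host.lower()][:16]
        return (f"{host}: certificate differs from the one you already "
                f"accepted (was {old}...). The connection may be intercepted.")
    return None  # same cert as the stored exception: no dialog at all


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_REAL = b"constructed-der-bytes-real-site"
CERT_OTHER = b"constructed-der-bytes-other-key"


def demo():
    store = PinStore()
    first = store.check("example.org", CERT_REAL)    # before any exception
    store.accept("example.org", CERT_REAL)           # user adds the exception
    again = store.check("example.org", CERT_REAL)    # later visit, same cert
    hijack = store.check("Example.org", CERT_OTHER)  # later visit, new cert
    return first, again, hijack
```
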
