Hi,

On Tuesday, 1 April 2014, Marc Haber wrote:
> I have to agree on that. But a Startcom Certificate on a personal web
> site is one web site more that doesn't train users to blindly click
> away certificate warnings. A cacert certificate or a self-signed
> certificate on a personal web site is one web site more that does that
> kind of training.

so what? SSL is broken by design, "trusting" anything based on an SSL
certificate is foolish at best. any CA (of which there are hundreds enabled
in browsers and system libraries by default) can sign any certificate and
most (all?) tools won't complain/detect this.

so in a way, training not to trust these certs is the best one can do :)

cheers,
Holger, who wishes banks would push gpg & monkeysphere for https