RE: [Half OOT] The Cons of Using Self-Signed Certificate

To: <debian-user@lists.debian.org>
Subject: RE: [Half OOT] The Cons of Using Self-Signed Certificate
From: "Kevin Ross" <kevin@familyross.net>
Date: Fri, 11 Sep 2009 12:03:48 -0700
Message-id: <[🔎] 009f01ca3312$97fabba0$c7f032e0$@net>
In-reply-to: <[🔎] 20090911120933.GA11818@aurora.owens.net>
References: <[🔎] b30f17480909102306x205b729cg218a9b693ec8ff67@mail.gmail.com> <[🔎] 8E1EBFC016D949859F9779E5541BF2CC@inspiron> <[🔎] b30f17480909110024y24517f62od552c08ac610f965@mail.gmail.com> <[🔎] 20090911120933.GA11818@aurora.owens.net>

> From: Rob Owens [mailto:rowens@ptd.net]
> Sent: Friday, September 11, 2009 5:10 AM
> The benefit of the certificate is two-fold.
> 
> 1)  It encrypts traffic
> 
> 2)  It identifies the server
> 
> Kevin was pointing out to you that benefit #2 would be lost if your
> clients do not manually install the certificates and blindly accept the
> certificate presented to them on first connection.  This opens you up
> to a man-in-the-middle attack, however unlikely that might be.
> 
> -Rob

If someone can sniff the packets to steal plaintext passwords, they can
also poison your DNS cache to redirect the client requests to their own
server.

Reply to:

References:
- [Half OOT] The Cons of Using Self-Signed Certificate
  - From: Zaki Akhmad <zakiakhmad@gmail.com>
- RE: [Half OOT] The Cons of Using Self-Signed Certificate
  - From: "Kevin Ross" <Kevin@FamilyRoss.net>
- Re: [Half OOT] The Cons of Using Self-Signed Certificate
  - From: Zaki Akhmad <zakiakhmad@gmail.com>
- Re: [Half OOT] The Cons of Using Self-Signed Certificate
  - From: Rob Owens <rowens@ptd.net>

Prev by Date: Re: [Xen-users] Slow network speed with Xen 3.2-1
Next by Date: Re: 2.6.30 (Squeeze): no hda1 no sda1
Previous by thread: Re: [Half OOT] The Cons of Using Self-Signed Certificate
Next by thread: Re: [Half OOT] The Cons of Using Self-Signed Certificate
Index(es):
- Date
- Thread