Re: From the News...

From: Ira Abramov (Lists-Linux-IL_at_nonexisting.hamakor.org.il)
Date: Sun 23 Feb 2003 - 18:28:07 IST


Quoting Eran Tromer, from the post of Sun, 23 Feb:
> > I use SSL with unsigned certificates all the time. the browser
> > may send warnings, but the link is secured.
>
> Is it? You're exposed to man-in-the-middle attacks.

that much is true, but I use it for medium-security connectivity. if I
had to move around really sensitive stuff (actual CC numbers, root
password, PGP passphrases - NOT) I'd consider other modes of operation. for
now, carrying in my pocket the legal fingerprint of the remote site and
checking it when the browser complains of an untrusted certificate is
quite safe for the apps I stick to. I would NOT recommend anyone who
needs an E-commerce solution to take that path though.

-- 
Carries a big stick
Ira Abramov
http://ira.abramov.org/email/ This post is encrypted twice with ROT-13.
Documenting or attempting to crack this encryption is illegal.
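The fingerprint check described in the message above, written out as an added example (not part of the original post): the client skips CA validation for a self-signed certificate and accepts the connection only if the certificate's fingerprint equals a value obtained out of band. The function names, the choice of SHA-256, and the sample byte strings are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented cert against the stored pin."""
    return hmac.compare_digest(fingerprint(der_cert), normalize_fingerprint(pinned))


def connect_pinned(host: str, port: int, pinned: str) -> ssl.SSLSocket:
    """Open TLS without CA validation, then refuse unless the pin matches."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed: there is no CA chain to validate
    ctx.verify_mode = ssl.CERT_NONE  # the pin check below takes its place
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned):
        sock.close()
        raise ssl.SSLError("certificate fingerprint does not match the pin")
    return sock


# Constructed stand-ins for DER certificates (opaque bytes are enough to hash).
GENUINE_DER = b"constructed-der-bytes-of-the-real-self-signed-cert"
INTERCEPTOR_DER = b"constructed-der-bytes-of-a-substituted-cert"
# The pin as it would be written down: colon-separated uppercase hex.
POCKET_PIN = ":".join(f"{b:02X}" for b in hashlib.sha256(GENUINE_DER).digest())

if __name__ == "__main__":
    print("genuine cert accepted:", matches_pin(GENUINE_DER, POCKET_PIN))
    print("substituted cert accepted:", matches_pin(INTERCEPTOR_DER, POCKET_PIN))
```

The pin only protects the connection if it was obtained over a channel the interceptor does not control, and it must be replaced whenever the server's certificate is reissued.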


This archive was generated by hypermail 2.1.7 : Mon 06 Oct 2003 - 23:44:22 IST