On Sat, 9 Nov 2013 09:22:12 -0500
Paul Syverson <paul.syverson@xxxxxxxxxxxx> allegedly wrote:

> On Sat, Nov 09, 2013 at 12:50:18PM +0000, mick wrote:
> >
> > I don't see any problem per se with a self-signed certificate on a
> > site which does not purport to protect anything sensitive (such as
> > financial transactions). The problem with this particular
> > certificate is that the common name identifier is both wrong (www)
> > and badly formatted (http://). But both of those errors can be
> > corrected very quickly.
> >
> > Why pay a CA if you don't trust the CA model?
> >
>
> You may want to take a look at
> https://blog.torproject.org/blog/life-without-ca
>

Paul

Thanks for the pointer - nice post. I tend to agree, though I am not
personally that fanatical about deleting all CAs in my browser. I /am/
deeply sceptical about what any particular SSL cert may, or may not, be
telling me.

I use self signed certs on my email server and on my website. But they
are there to protect my authentication. I do not expect anyone else to
trust them.

Mick

---------------------------------------------------------------------
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
 http://baldric.net
---------------------------------------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays