On Sat, 9 Nov 2013 12:50:18 +0000
mick <mbm@xxxxxxxxxx> wrote:

> I don't see any problem per se with a self-signed certificate on a site
> which does not purport to protect anything sensitive (such as financial
> transactions). The problem with this particular certificate is that
> the common name identifier is both wrong (www) and badly formatted
> (http://) But both of those errors can be corrected very quickly.
>
> Why pay a CA if you don't trust the CA model?

If your primary objection is the need to pay for certificates (and not
e.g. the possibility of the CA itself being backdoored etc), then I'd suggest
considering CACert[1]. It provides free wildcard certificates which are
already trusted out of the box by some[2] FOSS operating systems such as
Debian.

I'd say it is better than trusting individual self-signed certs, and
somewhat better than using your own root CA cert, since it saves the effort
required to install your own CA on all machines you need to use it on.

[1] http://www.cacert.org/
[2] http://wiki.cacert.org/InclusionStatus

-- 
With respect,
Roman
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays