[tahoe-dev] SSL samurai attack migration ninjas, film at 11
Dirk Loss
lists at dirk-loss.de
Fri Oct 28 18:36:32 UTC 2011
On 28.10.11 20:05, Shawn Willden wrote:
> OT: Does anyone else think it's crazy that web browsers flash huge red
> warning signs when they see a self-signed cert, as though that's a clear
> indication of some sort of attack being attempted, which is almost never the
> case?
Peter Gutmann seems to completely agree with you in the "Indicating
Security Condition" chapter of his excellent "Engineering Security" book
(page 365 of the current draft).
http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
Best regards,
Dirk
More information about the tahoe-dev
mailing list