[tahoe-dev] SSL samurai attack migration ninjas, film at 11
shawn at willden.org
Sat Oct 29 11:54:12 UTC 2011
On Sat, Oct 29, 2011 at 2:07 AM, Olaf TNSB <still.another.person at gmail.com> wrote:
> an object with no WoT (i.e. a new, self signed, SSL cert) is pretty
> worthless...at least in my mind.

Certainly a new, self-signed SSL cert is worthless, in that it doesn't give
you any greater confidence in the site you're visiting than if it used plain

The question is: Why would you trust the self-signed SSL cert *less* than
you trust nothing?

Put it this way: Is there any information you'd be comfortable sending to
an unencrypted site but which you'd be uncomfortable sending to the same
site with a self-signed cert?

IMO, the point of self-signed certs isn't to allow secure exchange of
sensitive data. The point of self-signed certs is to allow casual,
opportunistic encryption; to decrease the value of general monitoring of web

Though an old self-signed cert, one that you've seen hundreds of times over
the course of years, does have significant security value. IMO, more than
a new CA-signed cert.

I'd also love to see client-side self-signed (or even unsigned) certificates
become common as a second authentication factor. Or even as primary
identification and authentication for sites that don't handle secure
information and just want a zero-user-effort mechanism for establishing a
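
The key-continuity idea in the message above (a self-signed cert seen many times over years is worth more than a brand-new one, and a changed cert is the event to notice), as an added sketch that is not part of the original post. The `ContinuityStore` class, the state names and the two thresholds are assumptions made for illustration; the post gives no numbers.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds for calling a pin "established"; not taken from the post.
MIN_SIGHTINGS = 100
MIN_AGE = timedelta(days=365)

@dataclass
class Pin:
    fingerprint: str
    first_seen: datetime
    sightings: int = 1

class ContinuityStore:
    """Remembers the certificate each host presented and how often it was seen."""

    def __init__(self):
        self.pins = {}

    def observe(self, host, cert_der, now):
        fp = hashlib.sha256(cert_der).hexdigest()
        pin = self.pins.get(host)
        if pin is None:
            # First contact: the link is encrypted, but nothing is known about the peer.
            self.pins[host] = Pin(fp, now)
            return "new"
        if pin.fingerprint != fp:
            # Keep the old pin; a changed cert has to be resolved out of band.
            return "changed"
        pin.sightings += 1
        if pin.sightings >= MIN_SIGHTINGS and now - pin.first_seen >= MIN_AGE:
            return "established"
        return "seen"

def demo():
    # Constructed sample data: placeholder bytes standing in for DER certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    store = ContinuityStore()
    start = datetime(2010, 1, 1)
    results = [store.observe("example.org", cert_a, start + timedelta(days=4 * i))
               for i in range(120)]
    results.append(store.observe("example.org", cert_b, start + timedelta(days=500)))
    return results

if __name__ == "__main__":
    r = demo()
    print(r[0], r[50], r[-2], r[-1])
```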