[erlang-questions] SSL: "unknown ca"
zxq9
zxq9@REDACTED
Sat Jan 31 12:04:26 CET 2015
On 2015年1月31日 土曜日 10:35:30 Jon Schneider wrote:
> > Accepting any SSL connections would be the same as not doing SSL at all.
>
> I disagree with this. Without significant resources and the ability to
> man-in-the-middle reading SSL traffic is still very difficult. In some ways
> self-signed certificates you have to accept once especially if you check
> the fingerprint are waaaay better than relying on the integrity of N CAs.
In an actively supported business data system this is The Right Way to deal
with verification.
That is not the case most people are familiar with, though, be they users or
developers.
More information about the erlang-questions
mailing list