[erlang-questions] SSL: "unknown ca"

Eric Pailleau eric.pailleau@REDACTED
Sat Jan 31 12:40:42 CET 2015


I meant that you cannot authenticate a self-signed cert unless you stored it yourself as secure.
Without that, anybody can forge a cert claiming to be somebody else. Much simpler than to decrypt the SSL session and do MIM....


« Sent from my mobile » Eric

zxq9 <zxq9@REDACTED> wrote:

>On Saturday, 31 January 2015 10:35:30 Jon Schneider wrote:
>> > Accepting any SSL connections would be the same as not doing SSL at all.
>> 
>> I disagree with this. Without significant resources and the ability to
>> man-in-the-middle, reading SSL traffic is still very difficult. In some ways
>> self-signed certificates you have to accept once, especially if you check
>> the fingerprint, are waaaay better than relying on the integrity of N CAs.
>
>In an actively supported business data system this is The Right Way to deal 
>with verification.
>
>That is not the case most people are familiar with, though, be they users or 
>developers.
>_______________________________________________
>erlang-questions mailing list
>erlang-questions@REDACTED
>http://erlang.org/mailman/listinfo/erlang-questions
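
The fingerprint check discussed in this thread, as an added example that is not code from any of the posters: an Erlang client that accepts a self-signed peer only if the SHA-256 of its DER certificate equals a value stored beforehand. The module name `pinned_tls`, its function names and the idea that `PinnedFp` was obtained over a trusted channel are assumptions of the example.

```erlang
%% Added example: pin a self-signed server certificate by fingerprint.
%% Assumes the ssl application is already started, e.g. with
%% application:ensure_all_started(ssl).
-module(pinned_tls).
-export([connect/3, fingerprint/1]).

%% SHA-256 over the exact DER bytes the peer presented.
fingerprint(Der) when is_binary(Der) ->
    crypto:hash(sha256, Der).

%% PinnedFp: 32-byte SHA-256 fingerprint recorded out of band
%% (assumption: stored securely by the operator, not learned from
%% the connection being checked).
connect(Host, Port, PinnedFp)
  when is_binary(PinnedFp), byte_size(PinnedFp) =:= 32 ->
    %% Chain validation is switched off on purpose: trust comes from the
    %% pin, not from a CA. {active, false} ensures no application data
    %% is delivered before the pin has been checked.
    Opts = [{verify, verify_none}, {active, false}],
    case ssl:connect(Host, Port, Opts, 5000) of
        {ok, Sock}       -> check_pin(Sock, PinnedFp);
        {error, _} = Err -> Err
    end.

%% The handshake has completed, so the peer has proven possession of
%% the private key for the certificate returned by ssl:peercert/1.
check_pin(Sock, PinnedFp) ->
    case ssl:peercert(Sock) of
        {ok, Der} ->
            case fingerprint(Der) of
                PinnedFp ->
                    {ok, Sock};
                Seen ->
                    %% Different certificate: close before sending anything.
                    ssl:close(Sock),
                    {error, {fingerprint_mismatch, Seen}}
            end;
        {error, Reason} ->
            ssl:close(Sock),
            {error, Reason}
    end.
```

The caller must send nothing on the socket until `connect/3` has returned `{ok, Sock}`; a mismatch returns the fingerprint that was seen so it can be logged and compared against the stored one.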

