[erlang-questions] SSL: "unknown ca"

Eric Pailleau eric.pailleau@REDACTED
Sat Jan 31 12:40:42 CET 2015

I meant that you cannot authenticate a self signed cert unless you stored it your self as secure.
unless this, anybody can forge a cert claiming to be somebody else. much simpler than decrypt the ssl session and do MIM....

« Envoyé depuis mon mobile » Eric

zxq9 <zxq9@REDACTED> a écrit :

>On 2015年1月31日 土曜日 10:35:30 Jon Schneider wrote:
>> > Accepting any SSL connections would be the same as not doing SSL at all.
>> I disagree with this. Without significant resources and the ability to
>> man-in-the-middle reading SSL traffic is still very difficult. In some ways
>> self-signed certificates you have to accept once especially if you check
>> the fingerprint are waaaay better than relying on the integrity of N CAs.
>In an actively supported business data system this is The Right Way to deal 
>with verification.
>That is not the case most people are familiar with, though, be they users or 
>erlang-questions mailing list

More information about the erlang-questions mailing list