Le 29 mai 2014 à 10:25, David Keeler <dkee...@mozilla.com> a écrit : > But without verifying that the certificate they received is the > certificate you created, those users are open to attack.
agreed. My intent in the discussion is NOT "Let's not verify the certificate is valid" but to allow the scenario "This self-signed certificate is from blah and we checked it". Basically, to have mechanisms where the trust is not a question of centralization. Centralized trust systems have their own set of weakness and consequences for the infrastructure. -- Karl Dubost, Mozilla http://www.la-grange.net/karl/moz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform