On Monday, April 13, 2015 at 4:43:25 PM UTC-4, byu...@gmail.com wrote:
> These guys can go around thinking they're secure while trusting root CAs like
> CNNIC whilst ignoring DNSSEC and the like; the rest of us can get back on
> track with a new, sane browser. While we're at it, we could start treating
> self-signed certs like we do SSH, rather than as being *infinitely worse*
> than HTTP (I'm surprised Mozilla doesn't demand a faxed form signed by a
> notary public to accept a self-signed cert yet. But I shouldn't give them any
> ideas ...)

A self-signed cert is worse than HTTP, in that you cannot know if the site you are accessing is supposed to have a self-signed cert or not. If you know that, you can check the fingerprint and bypass the warning.

But let's say you go to download a fresh copy of Firefox, just to find out that https://www.mozilla.org/ is serving a self-signed cert. How can you possibly be sure that you are not being MITM'ed? Arguably, it's worse if we simply ignore the fact that the cert is self-signed, and simply let you download the compromised version, vs giving you some type of indication that the connection is not secure (e.g.: no green bar because it's plain HTTP).

That is not to say that we should continue as is. HTTP is insecure, and should give the same warning as HTTPS with a self-signed cert.

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
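
The fingerprint check mentioned in the reply above, as an added example that is not part of the original message: a certificate is compared against a fingerprint obtained out of band, and a host with no known fingerprint is reported as unverifiable rather than trusted. The host names, the `PINS` store and the byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex, as a user would paste it."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def check(host: str, der: bytes, pins: dict) -> str:
    """Return 'match', 'mismatch' or 'unknown' for a presented certificate."""
    pinned = pins.get(host.lower())
    if pinned is None:
        # No out-of-band knowledge: a genuine self-signed certificate and
        # a substituted one are indistinguishable to the client.
        return "unknown"
    # Constant-time comparison of the expected and presented fingerprints.
    if hmac.compare_digest(normalise(pinned), fingerprint(der)):
        return "match"
    return "mismatch"


def colon_form(hex_fp: str) -> str:
    """Render a hex fingerprint the way certificate viewers display it."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


# Constructed sample data: placeholder bytes, not real certificates.
GENUINE_DER = b"constructed-bytes-standing-in-for-the-expected-certificate"
OTHER_DER = b"constructed-bytes-standing-in-for-a-substituted-certificate"

# Hypothetical pin store: fingerprint received out of band for one host.
PINS = {"intranet.example": colon_form(fingerprint(GENUINE_DER))}

if __name__ == "__main__":
    for host, der in [("intranet.example", GENUINE_DER),
                      ("intranet.example", OTHER_DER),
                      ("www.example.org", GENUINE_DER),
                      ("www.example.org", OTHER_DER)]:
        print(host, check(host, der, PINS))
```

For the host without a pin, both certificates produce the same `unknown` result, which is the situation the reply describes for a first-time download.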