On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote:
> Sure, but I was talking about a proper certificate signed by a
> well-known registrar, at which point the https client would default to
> verify the signature against the system certificate store.

It doesn't matter what kind of certificate the server uses since the client generally doesn't know about it, especially on first connection. Some programs remember the certificate between uses and inform you when it changes, but that's not perfect either.

> Yes, I'm fully aware that this is not fully safe, but I hope you agree
> that https with a proper certificate is much better than plain http.

I agree that X.509 provides some protection, but PGP is better. My point was: when possible don't rely on X.509 for security, build a Web of Trust instead.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe