On Wed, Dec 07, 2005 at 11:43:24AM -0500, Jiang, Qinglin <[EMAIL PROTECTED]> wrote:
> I noticed that nessus doesn't produce a warning when there's a
> self-signed ssl certificate.
> Users will normally accept a self-signed certificate.
> In terms of security I wouldn't say that's a secure practice because
> it's subject to man-in-the-middle attack.
> For personal use it seems to be OK but for commercial purposes, it's
> bad.

For commercial purposes, it is ok if there is a path of trust between
the issuer of the self-signed certificate and myself. Actually, if I
verified a self-signed certificate myself, I trust that connection
_much_ more than one of one of the major certificate vendors who have
a history of sometimes sloppily verifying the identity of the
certificate requestor.

Greetings
Marc, not in the least surprised about this message after associating
the sender e-mail address with the message contents

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
