On 2015-05-23 11:10, Jon Ribbens wrote:
> On 2015-05-23, Michael Torrie <torr...@gmail.com> wrote:
> > The same can be said of CA-signed certificates.
>
> I think you are falling into the trap of believing that all things
> are either perfect or they are worthless. CAs aren't perfect, but
> neither are they worthless. A self-signed certificate, however, is
> worthless.

A self-signed certificate may be of minimal worth the *first* time you visit a site, but if you return to the site, that initial certificate's signature can be used to confirm that you're talking to the same site you talked to previously. This is particularly valuable on a laptop where you make initial contact over a (I hesitate to say "more secure") less hostile connection through your home ISP. Then, when you're out at the library, coffee-shop, or some hacker convention on their wifi, it's possible to determine whether you're securely connecting to the *same* site, or whether an attempt is being made to MitM because the cert changed.

-tkc

--
https://mail.python.org/mailman/listinfo/python-list
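
The return-visit check described in the message above, as an added example that is not part of the original post: it records a certificate on first contact and compares it on later visits. Pinning the SHA-256 fingerprint of the DER encoding is an assumption (the post only speaks of the certificate's signature), and `fetch_der`, `check_pin` and the JSON pin file are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl
import tempfile


def fetch_der(host, port=443, timeout=5.0):
    """Return the server's leaf certificate as DER bytes, without CA validation."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # self-signed: trust comes from the pin
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store_path, host, port, der):
    """Compare a certificate with the stored pin for host:port.

    Returns "first-use" (pin recorded), "match", or "changed" (pin kept).
    """
    key = f"{host.lower()}:{port}"
    # Assumption: the pin is the SHA-256 fingerprint of the whole DER cert.
    fingerprint = hashlib.sha256(der).hexdigest()
    pins = {}
    if os.path.exists(store_path):
        with open(store_path, encoding="utf-8") as fh:
            pins = json.load(fh)
    known = pins.get(key)
    if known is None:
        pins[key] = fingerprint
        # Write to a temp file and rename so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(store_path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(pins, fh, indent=2)
        os.replace(tmp, store_path)
        return "first-use"
    if hmac.compare_digest(known, fingerprint):
        return "match"
    return "changed"  # never overwrite silently; the user must decide
```

A "changed" result also occurs when the site legitimately replaces its certificate, so the pin is only updated after the new fingerprint has been confirmed over a separate channel.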