On 10.02.2016 19:00, DM Smith wrote: > I don’t understand your HTTP-only comment regarding the wiki. It works just > fine under HTTPS. Is your objection the self-signed certificate?
I object to sending my login credentials over the wire in plain text. Btw, the wiki login form didn't redirect to HTTPS. I don't object to self-signed certificates in general. Its the chain of trust that matters. Currently I don't have any reason to trust the certificate with SHA-256 fingerprint EC:E2:A6:2C:05:CB:1C:34:40:09:DE:87:99:26:16:C4:CA:33:F6:AB:1B:9A:70:D8:17:65:71:DC:E1:6B:94:76 because I have no certainty whatsoever that it indeed belongs to Crosswire. If the login were on HTTPS, a certificate signed by a CA trusted by Firefox trusted by me (for the issue at hand) would have been sufficient. I don't want to start a crypto discussion and fuel people into calling me paranoid. I doubt that further discussion on this matter will do any good. Blessings! Jaak _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
