SSL cert

Graham Leggett minfrin at sharp.fm
Wed Oct 15 16:09:41 EDT 2008


Derek Atkins wrote:

> Nope, no other purpose than to get that warning to go away when
> people follow the HTTPS links to the server.  Personally I see nothing
> wrong with self-signed certificates provided you save them forever.

Self-signed certificates are meaningless; anyone can impersonate your 
server. The illusion that you have security is far worse than having no 
security at all.

> It's no worse than the security that SSH gives you.

SSH is completely different. You are expected on first connection to 
ensure the key fingerprint is correct, and if the key changes, attempts 
to connect will fail outright, with no option to ignore the problem.

> It's certainly not worth it to me to pay $15 just to help that one
> poor soul a year who gets confused by his browser and doesn't know
> to just accept it.  The fact that Firefox is making it harder to
> accept self-signed certs doesn't help. :(

Please don't spread this FUD around. Certificates exist for a reason, 
and signature failure warnings should be taken seriously.

Regards,
Graham
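
The trust-on-first-use behaviour that the reply above attributes to SSH, applied to a saved certificate fingerprint, shown as an added example that is not part of the original message. The names `check_pin`, `fingerprint`, the dictionary store, the host name and the certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac

class Unverified(Exception):
    """First contact, and nobody confirmed the fingerprint out of band."""

class PinMismatch(Exception):
    """The host presented a different certificate from the pinned one."""

def fingerprint(der_cert: bytes) -> str:
    # SHA-256 over the DER encoding, e.g. the bytes returned by
    # ssl.SSLSocket.getpeercert(binary_form=True) on a live connection.
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(store: dict, host: str, der_cert: bytes, confirm=None) -> str:
    """Return "pinned" on verified first use, "match" afterwards."""
    seen = fingerprint(der_cert)
    known = store.get(host)
    if known is None:
        # First connection: the fingerprint has to be compared with a value
        # obtained out of band; confirm() stands in for that human step.
        if confirm is None or not confirm(host, seen):
            raise Unverified(f"{host}: fingerprint {seen} not confirmed")
        store[host] = seen
        return "pinned"
    if not hmac.compare_digest(known, seen):
        # Certificate changed: fail outright, with no override path.
        raise PinMismatch(f"{host}: expected {known}, got {seen}")
    return "match"

# Constructed stand-ins for two DER-encoded certificates (not real certs).
CERT_A = b"constructed-der-bytes-for-original-server-cert"
CERT_B = b"constructed-der-bytes-for-a-different-cert"

def demo() -> list:
    store, out = {}, []
    expected = fingerprint(CERT_A)  # value the admin published out of band
    out.append(check_pin(store, "server.example", CERT_A,
                         confirm=lambda h, fp: fp == expected))
    out.append(check_pin(store, "server.example", CERT_A))
    try:
        check_pin(store, "server.example", CERT_B, confirm=lambda h, fp: True)
    except PinMismatch:
        out.append("rejected")
    return out

if __name__ == "__main__":
    print(demo())
```

The pin only carries weight if the first fingerprint was checked against a trusted copy and a later mismatch cannot be clicked through.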