SSL cert

Derek Atkins warlord at MIT.EDU
Wed Oct 15 18:07:41 EDT 2008


Quoting Graham Leggett <minfrin at sharp.fm>:

> Eric Anopolsky wrote:
>
>> There are a lot of nasty things people can do without performing a MITM
>> attack, like eavesdropping on unencrypted connections. Self-signed
>> certificates close that hole simply, quickly, and automatically.
>
> If you created the self-signed cert yourself, then sure. If you
> didn't, then the connection might as well be completely open.

Protection against passive attacks is ALWAYS better than no protection
at all.  For example, do you send all your US Postal Mail on post cards?
It's very easy to open an envelope in transit.  But putting it in an
envelope protects against the passive attack of someone reading the message
as it goes by.  Self-signed certificates protect against that same kind
of passive attack.   They do not protect against many active attacks,
but neither do envelopes sent through the mail.   Regardless, saying that
it's worthless is doing a disservice to everyone.

"The Perfect is the enemy of The Good".

In this particular case I DID generate the self-signed cert myself, and
I'll gladly email it to anyone who wants it.  But then again, why
would you trust that, either?

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



More information about the gnucash-user mailing list