When Is a Self-Signed SSL Certificate Acceptable?
UltraLoser writes "When is it acceptable to encourage users to accept a self-signed SSL cert? Recently the staff of a certain Web site turned on optional SSL with a self-signed and domain-mismatched certificate for its users and encourages them to add an exception for this certificate. Their defense is that it is just as secure as one signed by a commercial CA; and because their site exists for the distribution of copyrighted material the staff do not want to have their personal information in the hands of a CA. In their situation is it acceptable to encourage users to trust this certificate or is this giving users a false sense of security?"
Re:I wonder... (Score:1, Funny)
Yeah, we should trust Debian instead.
Re:Interesting (Score:1, Funny)
How do security morons like you get modded insightful? What the fuck? It's idiots like you that we can blame for all the stupid fucking once-off self-signed certificates on the internet. I don't know who the site is, I've never visited before, but I'm being asked to trust their certificate. There IS NO PRE-EXISTING RELATIONSHIP. There IS NO "BEFORE".
Fuck you and the moron horse you rode in on. Making the internets less secure by being a FUCKING MORON.
-- Your local TLS implementer, who has finally lost his shit with YOU STUPID MOTHER FUCKING SELF-SIGNED IDIOTS.