[tahoe-dev] SSL samurai attack migration ninjas, film at 11

[Dirk Loss]

On 28.10.11 20:05, Shawn Willden wrote:
> OT:  Does anyone else think it's crazy that web browsers flash huge red
> warning signs when they see a self-signed cert, as though that's a clear
> indication of some sort of attack being attempted, which is almost never the
> case?

Peter Gutmann seems to completely agree with you in the "Indicating
Security Condition" chapter of his excellent "Engineering Security" book
(page 365 of the current draft).

http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf

Best regards,
Dirk