[tahoe-dev] SSL samurai attack migration ninjas, film at 11

Dirk Loss lists at dirk-loss.de
Fri Oct 28 18:36:32 UTC 2011

On 28.10.11 20:05, Shawn Willden wrote:
> OT:  Does anyone else think it's crazy that web browsers flash huge red
> warning signs when they see a self-signed cert, as though that's a clear
> indication of some sort of attack being attempted, which is almost never the
> case?

Peter Gutmann seems to completely agree with you in the "Indicating
Security Condition" chapter of his excellent "Engineering Security" book
(page 365 of the current draft).


Best regards,

More information about the tahoe-dev mailing list