[tahoe-dev] SSL samurai attack migration ninjas, film at 11
still.another.person at gmail.com
Sat Oct 29 05:46:37 UTC 2011
I'm not sure that I could be as relaxed about self signed certs as you. It
feels a lot like when I download code with a gpg/pgp signature where the
signing key hasn't been signed by anyone...
I think the web of trust idea is probably the solution for SSL certs, but I
may be wrong. :P
However, saying that, I found the following article from the EFF useful...
I'm using Certificate Patrol (mentioned). I don't know that it makes me any
safer, but I sure as hell feel more aware of the huge # of cert replacements
that occur in my daily net usage.
P.S. Apologies about the TOFU. I'm still learning my phone's email app.
On 29/10/2011 5:05 AM, "Shawn Willden" <shawn at willden.org> wrote:
> OT: Does anyone else think it's crazy that web browsers flash huge red
> warning signs when they see a self-signed cert, as though that's a clear
> indication of some sort of attack being attempted, which is almost never the
> It's always seemed to me than an appropriate browser response to a
> self-signed cert is to accept it and use it to establish an encrypted
> session, but not to display the lock icon or anything else that would make
> the user think this page is especially secure. For bonus points, browsers
> could implement ssh-style notification of server key changes.
> But the sort of big scary warnings browsers now display makes no sense to
> On Fri, Oct 28, 2011 at 10:22 AM, Brian Warner <warner at lothar.com> wrote:
>> The tahoe-lafs.org server has moved! But, we had a hiccup with the SSL
>> certificate on the new server. While Zooko gets a new one generated and
>> installed, there is a self-signed certificate in place. So don't be
>> surprised if you see the "OMG SELF-SIGNED CERT NOO!" warning (known as
>> the "Larry Dialog" in firefox). It should be fixed within a couple of
>> hours, so don't feel obligated to bypass the warning.. just check back
>> in later.
>> tahoe-dev mailing list
>> tahoe-dev at tahoe-lafs.org
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tahoe-dev