[tahoe-dev] SSL samurai attack migration ninjas, film at 11

Shawn Willden shawn at willden.org
Sat Oct 29 11:54:12 UTC 2011

On Sat, Oct 29, 2011 at 2:07 AM, Olaf TNSB
<still.another.person at gmail.com>wrote:

> an object with no WoT (i.e. a new, self signed, SSL cert) is pretty
> worthless...at least in my mind.

Certainly a new, self-signed SSL cert is worthless, in that it doesn't give
you any greater confidence in the site you're visiting than if it used plain

The question is:  Why would you trust the self-signed SSL cert *less* than
you trust nothing?

Put it this way:  Is there any information you'd be comfortable sending to
an unencrypted site but which you'd be uncomfortable sending to the same
site with a self-signed cert?

IMO, the point of self-signed certs isn't to allow secure exchange of
sensitive data.  The point of self-signed certs is to allow casual,
opportunistic encryption; to decrease the value of general monitoring of web

Though an old self-signed cert, one that you've seen hundreds of times over
the course of years,  does have significant security value.  IMO, more than
a new CA-signed cert.

I'd also love to see client-side self-signed (or even unsigned) certificates
become common as a second authentication factor.  Or even as primary
identification and authentication for sites that don't handle secure
information and just want a zero-user-effort mechanism for establishing a
user account.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20111029/f8f2a703/attachment.html>

More information about the tahoe-dev mailing list