Re: outdated ssl cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Jan 16, 2010 at 17:59:32 +0100,
  Vadkan Jozsef <jozsi.avadkan@xxxxxxxxx> wrote:
> what does a self-signed outdated ssl cert worth? [https]
> 
> could it be tricked [https] in a way, that the end user will not
> recognize? [e.g. he already accepted the cert one time, and the browser
> would warn her, if it been ""attacked""?]
> 
> ..I mean does an outdated self-signed certificate give the same security
> as a normal cert?

Using https even with certs that don't provide identity assurance, still
makes eavesdropping harder (relative to using unencrypted http). Instead of a
passive attack, you need to do an active man in the middle attack.

Also note that every top level certificate is self signed. What makes some
special to most people is that they are delivered with browsers and
don't generate warnings by default. This may or may not be a useful thing
depending on what you expect them to be doing for you.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux