Ah Python, you have spoiled me for all other languages

Tim Chase python.list at tim.thechases.com
Sat May 23 07:34:24 EDT 2015


On 2015-05-23 11:10, Jon Ribbens wrote:
> On 2015-05-23, Michael Torrie <torriem at gmail.com> wrote:
> > The same can be said of CA-signed certificates.
> 
> I think you are falling into the trap of believing that all things
> are either perfect or they are worthless. CAs aren't perfect, but
> neither are they worthless. A self-signed certificate, however, is
> worthless.

A self-signed certificate may be of minimal worth the *first* time you
visit a site, but if you return to the site, that initial
certificate's signature can be used to confirm that you're talking to
the same site you talked to previously.  This is particularly
valuable on a laptop where you make initial contact over a (I
hesitate to say "more secure") less hostile connection through your
home ISP.  Then, when you're out at the library, coffee-shop, or some
hacker convention on their wifi, it's possible to determine whether
you're securely connecting to the *same* site, or whether an attempt
is being made to MitM because the cert changed.

-tkc
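
Added example, not part of the original post: a minimal trust-on-first-use check in Python for the idea described above (remember the certificate on first contact, flag it if it later changes). `PinStore`, the `pins.json` file and `example.test` are hypothetical names, the demo certificates are constructed byte strings, and remembering a SHA-256 fingerprint of the whole certificate is an assumption of this sketch.

```python
import hashlib
import hmac
import json
import ssl
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate without CA validation (self-signed is fine)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


class PinStore:
    """Hypothetical trust-on-first-use store: host:port -> certificate fingerprint."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        """Return 'first-seen', 'match' or 'CHANGED' for this certificate."""
        key = f"{host}:{port}"
        seen = fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: nothing to compare against, so record and report it.
            self.pins[key] = seen
            self.path.write_text(json.dumps(self.pins, indent=2))
            return "first-seen"
        # Never overwrite an existing pin automatically; a change needs a human decision.
        return "match" if hmac.compare_digest(pinned, seen) else "CHANGED"


if __name__ == "__main__":
    import tempfile
    # Constructed stand-ins for DER certificates, so the demo runs offline.
    home_cert, cafe_cert = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as d:
        store = PinStore(Path(d) / "pins.json")
        print(store.check("example.test", 443, home_cert))   # first contact at home
        print(store.check("example.test", 443, home_cert))   # same cert on a later visit
        print(store.check("example.test", 443, cafe_cert))   # cert differs on other wifi
```

Against a live host, pass `fetch_der_cert(host)` as the `der_cert` argument; a "CHANGED" result can also mean a legitimate certificate renewal, so it calls for out-of-band confirmation rather than an automatic re-pin.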





