Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Why? The crypto is just as strong with a self-signed cert as a "name brand" cert. The only downside is teaching users to ignore SSL errors, which is bad.


The crypto strength of a self-signed cert is irrelevant because a MITM can generate their own self-signed cert with the your website's name.


Right, so you have to verify the certificate through some "out of band" (relative to the browswer) mechanism.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: