Microsoft deems all DigiNotar certificates untrustworthy, releases
- Subject: Microsoft deems all DigiNotar certificates untrustworthy, releases
- From: davei at otd.com (David Israel)
- Date: Tue, 13 Sep 2011 10:54:25 -0400
- In-reply-to: <CACg3zYHrY7g1NhrrKGs=oPFKryr8pfvsrr=pxB5DY78Simx85Q@mail.gmail.com>
- References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CACg3zYHrY7g1NhrrKGs=oPFKryr8pfvsrr=pxB5DY78Simx85Q@mail.gmail.com>
On 9/13/2011 10:29 AM, Tei wrote:
> *a random php programmer shows*
>
> He, I just want to self-sign my CERT's and remove the ugly warning that
> browsers show. I don't want to pay 1000$ a year, or 1$ a year for that. I
> just don't want to use cleartext for internet data transfer. HTTP is like
> telnet, and HTTPS is like ssh. But with ssh I just can connect, with
> browsers there's this ugly warning and "fuck you, self-signed certificate"
> from the browsers. Please make the pain stop!
>
With ssh, you will get a warning if the remote host key is not known,
with a fingerprint and advice not to accept it if you don't know if it
is correct. This is a direct analog to the warning that the remote
host's certificate cannot be verified. In both cases, you are given the
chance to accept the key/certificate and continue going; depending on
the implementation, you might also be given the option to accept it once
or forever. Ssh is actually prone to bigger, uglier, more explicit "you
probably don't want to trust this" warnings, especially about things
like key changes.
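
The unknown-key prompt, the accept-once / accept-forever choice and the key-change warning described in the message above, sketched as trust-on-first-use pinning logic. This is an added example, not part of the original post or of any ssh or browser implementation; `PinStore`, its methods, the host name and the key blobs are hypothetical, and only the fingerprint format follows OpenSSH's SHA256 display.

```python
import base64
import hashlib

def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

class PinStore:
    """Hypothetical stand-in for known_hosts or a browser's exception list."""

    def __init__(self):
        self.forever = {}  # host -> fingerprint, survives sessions
        self.once = {}     # host -> fingerprint, dropped at end of session

    def check(self, host: str, key_blob: bytes):
        """Return (verdict, fingerprint) for the key the host presented."""
        fp = fingerprint(key_blob)
        pinned = self.forever.get(host) or self.once.get(host)
        if pinned is None:
            return "UNKNOWN", fp   # first contact: show fp, ask the user
        if pinned == fp:
            return "MATCH", fp     # same key as before: connect silently
        return "CHANGED", fp       # different key: the loud warning

    def accept(self, host: str, key_blob: bytes, forever: bool):
        """Record the user's decision; never silently replace a pinned key."""
        verdict, fp = self.check(host, key_blob)
        if verdict == "CHANGED":
            raise ValueError(f"{host}: key changed, remove the old pin first")
        (self.forever if forever else self.once)[host] = fp

    def end_session(self):
        """Forget every 'accept once' decision."""
        self.once.clear()

# Constructed sample key blobs, not real host keys or certificates.
KEY_A = b"constructed-key-blob-A"
KEY_B = b"constructed-key-blob-B"

if __name__ == "__main__":
    store = PinStore()
    print(store.check("example.test", KEY_A))
    store.accept("example.test", KEY_A, forever=True)
    print(store.check("example.test", KEY_A))
    print(store.check("example.test", KEY_B))
```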