Fedora home server using core 9
Les Mikesell
lesmikesell at gmail.com
Wed Sep 3 12:43:52 UTC 2008
Alan Cox wrote:
>> Did you also try it as just plain HTTP? You get redirected to HTTPS.
>
> Which for a self signed certificate is a bit of waste and proves nothing
> really.
>
> You might be talking to the web site, you might be talking to a fake site
> proxying the web site. DNS is not secure so you don't know. If it is a
> fake that is relaying the connection you just lost.
>
> At least http:// makes you aware and uncomfortable in doing stupid things.
Unless, of course, you have an out-of-band way of receiving a matching
certificate, in which case a self-signed version might be even more
trustworthy than the commercial services. That might be the case for
some folks using the site in question.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list