In <4a7b1eb8.1030...@physik.blm.tu-muenchen.de>, Johannes Wiedersich wrote:
>Boyd Stephen Smith Jr. wrote:
>> BTW, self-signed certificate != end-to-end security, it is trivial for
>> an attacker to perform a man-in-the-middle attack.
>
>Except, if it is you who self-signed BOTH certificates (and verify that
>it is still the one you signed), IIUC.
Better to create your own CA and import it into your trust chain. That may not be possible in every environment. If not, checking the certificate fingerprint[1] *every* *time* you establish a connection is an acceptable substitute.

-- 
Boyd Stephen Smith Jr.                     ,= ,-_-. =.
b...@iguanasuicide.net                    ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy           `-'(. .)`-'
http://iguanasuicide.net/                      \_/

[1] And don't use MD5 if your data is more valuable than a top-end video card. Use SHA-1 if you have to; SHA-2 if possible; SHA-3 as soon as it is available.
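The fingerprint check described in the reply, as an added example that is not part of the original post: it computes the certificate digest in OpenSSL's colon-separated form, compares it against a pinned value in constant time, accepts SHA-256 (or SHA-1 as a fallback) and refuses MD5 pins, and shows where the check sits on a TLS connection when chain validation cannot apply to a self-signed certificate. The function and constant names are mine, and the sample DER bytes are a constructed stand-in, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl

# Digests accepted for pinning (name -> digest size in bytes), following the
# footnote's advice: SHA-2 preferred, SHA-1 only if you must, MD5 never.
ALLOWED_ALGOS = {"sha256": 32, "sha1": 20}

# Constructed stand-in for a DER-encoded certificate (not a real cert).
SAMPLE_DER = b"constructed stand-in for a DER-encoded self-signed certificate"


def fingerprint(der_cert: bytes, algo: str = "sha256") -> str:
    """Return the digest of the DER certificate in OpenSSL's AB:CD:... form."""
    if algo not in ALLOWED_ALGOS:
        raise ValueError(f"refusing to pin with {algo}; use sha256 (sha1 if you must)")
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pin(pin: str) -> str:
    """Accept '3A:7F:...' or '3a7f...' and return plain lowercase hex."""
    return pin.replace(":", "").strip().lower()


def pin_matches(der_cert: bytes, pinned: str) -> bool:
    """True if der_cert's digest equals the pinned fingerprint.

    The algorithm is inferred from the pin length; a 16-byte (MD5) pin is
    rejected with an error rather than silently accepted.
    """
    expected = normalize_pin(pinned)
    for algo, size in ALLOWED_ALGOS.items():
        if len(expected) == size * 2:
            actual = hashlib.new(algo, der_cert).hexdigest()
            # Constant-time compare so a mismatch leaks nothing about the digest.
            return hmac.compare_digest(actual, expected)
    raise ValueError("unsupported fingerprint length (MD5 pins are not accepted)")


def connect_pinned(host: str, port: int, pinned: str) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the peer's fingerprint is pinned.

    A self-signed certificate has no chain to validate, so chain checks are
    off and the pin is the whole trust decision; it is checked on every connect.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if not pin_matches(der, pinned):
        sock.close()
        raise ssl.SSLError(f"fingerprint mismatch for {host}:{port}: got {fingerprint(der)}")
    return sock
```

Record the fingerprint from the certificate you signed (`openssl x509 -noout -fingerprint -sha256` prints the same colon form) and pass it as `pinned`; any later mismatch means the certificate is no longer the one you signed.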