On Tue, Aug 18, 2015, at 02:05, juice wrote:
> ...
> In this case it is also self-evident why I want the location data to
> remain confidential. As the transport channel is secured, neither my
> password nor the reply coordinates are exposed to outside parties.
>... 

By not checking the certificate validity, the channel is secured, but
you don't know who you're talking to, so you might just have a secure
channel to someone who's doing a MITM. That's not what you want.

Since you won't be buying some certificate from a CA, how about using
your own CA certificate to sign your server's one, and including that
with the app?

What about at least some form of caching (like, storing it after first
connection to see it doesn't vary?). If this is done via a LAN, there's
a much lower risk that there's a MITM, and subsequent connections are
guaranteed to be made to the same remote device.

-- 
Hugo Osvaldo Barrera
_______________________________________________
SailfishOS.org Devel mailing list
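
The certificate caching suggested in the reply above (trust on first use), as an added example that is not part of the original message or of any project code. The pin file, the `host:port` key format and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path

FIRST_SEEN, MATCH, MISMATCH = "first-seen", "match", "mismatch"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pin(store: Path, peer: str, cert_der: bytes) -> str:
    """Compare a certificate with the pin stored for peer; store it if new."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(cert_der)
    known = pins.get(peer)
    if known is None:
        # First contact: nothing to compare against, so remember this one.
        pins[peer] = seen
        store.write_text(json.dumps(pins, indent=2))
        return FIRST_SEEN
    # A changed certificate is reported, never silently re-pinned.
    return MATCH if hmac.compare_digest(known, seen) else MISMATCH


def connect_pinned(store: Path, host: str, port: int) -> ssl.SSLSocket:
    """TLS connect without CA validation, authenticated by the stored pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed server: no CA chain to check
    ctx.verify_mode = ssl.CERT_NONE  # the pin comparison replaces validation
    tls = ctx.wrap_socket(socket.create_connection((host, port), timeout=5),
                          server_hostname=host)
    cert = tls.getpeercert(binary_form=True)
    if cert is None or check_pin(store, f"{host}:{port}", cert) == MISMATCH:
        tls.close()  # never send the password to a peer that fails the pin
        raise ssl.SSLError(f"certificate for {host}:{port} changed or is missing")
    return tls
```

The first connection is still accepted unauthenticated, so it should be made on a network you trust; shipping your own CA certificate with the app and loading it with `ssl.create_default_context(cafile=...)` removes that gap.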