On Mon, Nov 30, 2015 at 09:48:48PM +0100, Matthias Apitz wrote:
> > > Can you put it somewhere where only HTTP is involved. SSL claims the
> > > page as insecure.
> >
> > It only claims that the certificate the server is using is
> > self-signed, meaning that it can't be validated as belonging to anyone
> > in particular by the big certificate trusts. If you're willing to
> > look at it without SSL entirely, then who cares if the cert doesn't
> > validate? This is just not interesting.
>
> Maybe for you (Derek Martin) it is not, but for me.

OK, fair enough, but then can you please explain what the issue is?
Can you explain how a site serving SSL with a self-signed certificate
is the slightest bit less secure than the same one not using SSL at
all?

> It is already an issue if a posted URL of http://... is redirected
> to some SSL URL of untrusted certifications.

As for the redirect, it's to the same hostname, using a more secure
version of the same protocol, albeit with an unverifiable
certificate--but you couldn't verify the server's identity before
either so there's no difference whatsoever in that regard. How is
UPGRADING the security a problem?

--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will
result in undeliverable mail due to spam prevention. Sorry for the
inconvenience.