By unverified, do you mean self-signed as well? Too many devices and servers use self-signed certs to exclude them. The whole point to self signed certs is so that the world is not forced to purchase a cert from an authority for every single device in order to be relatively secure.
For devices outside a network then yes, certs need to be issued by a trusted authority, but that is the whole point of asking the user. I know I can trust my copier cert. I do NOT know if I can trust microsoft.com<http://microsoft.com>_mie_.de. Not sure if this is relevant to this conversation. Bob S On Oct 26, 2016, at 08:16 , Peter TB Brett <peter.br...@livecode.com<mailto:peter.br...@livecode.com>> wrote: I believe that it's a really really bad idea to download completely unverified certificates and permanently add them to the list of certs that your app trusts implicitly. Peter _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
