[Xastir] FW: Xastir mailing list probe message
Jason Winningham
jdw at eng.uah.edu
Fri Sep 10 15:45:37 EDT 2004
On Sep 10, 2004, at 2:30 PM, Tom Russo wrote:
> While we're on the subject of the hollymead servers, is anyone else
> seeing
> problems with the security certificates every time they log in to the
> web site?
> The certificates aren't created by a recognized certificate authority,
> so
> mozilla warns me that it's potentially insecure every time I log in.
This is because it's a "self-signed certificate". This means that the
administrator of the web server in question generated the security
certificate instead of paying someone else (Verisign, etc) money every
so often to generate one. The problem with a self-signed certificate
is that the web server you're talking to is saying "trust me, it's OK"
instead of having a third party verify it. This would make a
man-in-the-middle attack easy to pull off. I personally don't worry
about self signed certificates unless there is sensitive information or
money involved. For email passwords I take my chances.
-Jason
kg4wsv
More information about the Xastir
mailing list