Forgot your password?
typodupeerror

Comment: Re:Always. (Score 1) 627

by tim_olsen (#23932471) Attached to: When Is a Self-Signed SSL Certificate Acceptable?


Now, I understand perfectly well that Verisign and its brethren have made a huge industry out of scamming consumers into thinking that identification is indeed something that a certificate provides; but that is marketing illusion and nothing more. Hokum and hand-waving.

Yep. If you read the fine print they admit that they cannot vouch for the identity of the website. From their end-user agreement (downcased to bypass /. filters):

6. disclaimer of warranty. ... verisign makes no representation or
warranty to any person that any ca or user to which it has issued a
certificate in the verisign secure server hierarchy is in fact the
person or organization it claims to be in the information supplied to
verisign or that any ca or user is in fact the person or organization
listed in the certificate. verisign makes no assurances of the
accuracy, authenticity, integrity, or reliability of information
contained in certificates or in other certificate status mechanisms
compiled, published or disseminated by verisign, or of the results of
cryptographic methods implemented in connection with such
certificates. ...

An adequate bootstrap is a contradiction in terms.

Working...