Self Signed Certs aren't always an option (Score 4, Informative)

There are many cases where Self Signed Certs are not an option. Or, rather, any cert signed by a non-trusted CA.

• Some browsers do not allow you to click 'yes' at all. Think older IE browsers which simply gave you the "something is wrong" page. It may be a completely valid cert in Mozilla, but with this browser you can't view the page no matter how much you want to.

  For example the latest version of Blazer for my palm has no such feature, so I'm screwed.

• If you do get the ssl warning and the option to say "yes", how do you know you're not the victim of a man-in-the-middle attack?

  In order to click "yes" you should verify that the SHA1 and MD5 fingerprints are correct. Do you carry a copy of these around in your wallet so you can use that web page when you're on the road? I didn't think so.

Unless you actually control both endpoints (say you are setting up SSL using Stunnel on machines you run) then self-signed certs are not perfectly secure. Or, if you do verify everything as you should, you have introduced a huge hassle in performing secure SSL.