On 10/02/2013 08:49 PM, Tim Starling wrote:
On 02/10/13 05:56, Federico Leva (Nemo) wrote:
Yes, beta can't currently really be used
unless you manually confirm
certificates. (Which, by the way, you should never do on any website.)
Why not? Self-signed certificates are as secure as plain HTTP, which
you would think would be good enough for most people for connecting to
a test wiki.
First of all, trusting random certs is a bad habit to get into. Few
people go through the trouble to check the cert chain themselves,
obviously, so they don't know if it's "self-signed" or
"man-in-the-middle signed".
I considered adding an "unless etc. etc." after that "you
shouldn't",
but it was getting longer that the whole thread so I refrained.
Nemo