[Wikimedia-l] Invalid security certificate for en.wikipedia.beta.wmflabs.org

Federico Leva (Nemo) nemowiki at gmail.com
Thu Oct 3 14:43:22 UTC 2013


Matthew Flaschen, 03/10/2013 10:33:
> On 10/02/2013 08:49 PM, Tim Starling wrote:
>> On 02/10/13 05:56, Federico Leva (Nemo) wrote:
>>> Yes, beta can't currently really be used unless you manually confirm
>>> certificates. (Which, by the way, you should never do on any website.)
>>
>> Why not? Self-signed certificates are as secure as plain HTTP, which
>> you would think would be good enough for most people for connecting to
>> a test wiki.
>
> First of all, trusting random certs is a bad habit to get into.  Few
> people go through the trouble to check the cert chain themselves,
> obviously, so they don't know if it's "self-signed" or
> "man-in-the-middle signed".

I considered adding an "unless etc. etc." after that "you shouldn't", 
but it was getting longer that the whole thread so I refrained.

Nemo



More information about the Wikimedia-l mailing list