[josm-dev] How to run applet?
Dirk Stöcker
openstreetmap at dstoecker.de
Fri Mar 4 19:32:47 GMT 2011
On Fri, 4 Mar 2011, Mike N wrote:
> Firefox itself does not accept the server certificate on a fresh install -
> once you decide to trust the certificate, it adds the checkmark by default to
> trust it in the future. I always uncheck that in Firefox since I have no
> way to know how the private keys are handled.
You also have no way to know how a bought certificate is handled. So
either you trust a site or not. The SSL certificate system is based on a
"somebody payed for it, so you can trust it" method which actually is
broken by design.
Actually not checking the "I trust this certificate from now on" reduces
your security, as you will not recognice when some bad guy replaces it or
tries to do man-in-the-middle attacks.
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
More information about the josm-dev
mailing list