[josm-dev] How to run applet?
Mike N
niceman at att.net
Fri Mar 4 19:44:16 GMT 2011
On 3/4/2011 2:32 PM, Dirk Stöcker wrote:
> Actually not checking the "I trust this certificate from now on" reduces
> your security, as you will not recognice when some bad guy replaces it
> or tries to do man-in-the-middle attacks.
Not checking default trust can reduce security related to operations
on this site, but opens a hole in the hypothetical case where someone
uses a leaked certificate on a more important site such as banking; a
man in the middle attack would not be detected.
It's quite possible that the certificate on josm.openstreetmap.de is
safer than a purchased certificate, but I just didn't take the time to
check it all out.
More information about the josm-dev
mailing list