[josm-dev] How to run applet?

Dirk Stöcker openstreetmap at dstoecker.de
Fri Mar 4 21:04:57 GMT 2011


On Fri, 4 Mar 2011, Mike N wrote:

>>  Actually not checking the "I trust this certificate from now on" reduces
>>  your security, as you will not recognize when some bad guy replaces it
>>  or tries to do man-in-the-middle attacks.
>
>  Not checking default trust can reduce security related to operations on 
> this site, but opens a hole in the hypothetical case where someone uses a 
> leaked certificate on a more important site such as banking; a man in the 
> middle attack would not be detected.

Well. When accepting a non-standard certificate you should always verify 
why it is not accepted and then decide (once!) if you trust it or not. 
It's that simple. Your original texts suggest not to accept self-signed 
certificates in general and that is actually plain wrong.

>  It's quite possible that the certificate on josm.openstreetmap.de is safer 
> than a purchased certificate, but I just didn't take the time to check it all 
> out.

Very easy to decide: If you trust the JOSM download and use the software, 
you also can accept the certificate. Otherwise if you think you can't 
accept the certificate, you also should not download and use the software.

Simple, isn't it?

Ciao
-- 
http://www.dstoecker.eu/ (PGP key available)
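
An added example, not part of the original message or of JOSM: a minimal trust-on-first-use check showing why recording the accept decision once makes a replaced certificate detectable, while accepting it anew on every visit does not. The `TrustStore` class, keying pins by site name, and the sample byte strings are assumptions of this sketch, not a description of how the Java plug-in stores trust.

```python
import hashlib
import hmac


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, hex-encoded."""
    return hashlib.sha256(der_cert).hexdigest()


class TrustStore:
    """Remembers one accept decision per site (hypothetical helper)."""

    def __init__(self):
        self.pins = {}  # site name -> fingerprint the user accepted

    def check(self, site: str, der_cert: bytes, remember: bool) -> str:
        """Return 'match', 'changed' or 'prompt' for a presented certificate."""
        seen = fingerprint(der_cert)
        pinned = self.pins.get(site)
        if pinned is not None:
            # A decision is on record: any other certificate is a replacement.
            return "match" if hmac.compare_digest(pinned, seen) else "changed"
        if remember:
            # "I trust this certificate from now on": record the decision once.
            self.pins[site] = seen
        # Nothing on record, so the user sees the ordinary warning dialog
        # (this sketch assumes the user clicks accept).
        return "prompt"


def run_visits(remember: bool) -> list:
    """Three visits to one site; on the third the certificate is swapped."""
    # Constructed stand-ins for DER bytes, not real certificates.
    original = b"constructed-der-bytes-original"
    replaced = b"constructed-der-bytes-replaced"
    store = TrustStore()
    site = "josm.openstreetmap.de"
    return [store.check(site, cert, remember)
            for cert in (original, original, replaced)]


if __name__ == "__main__":
    print("decision remembered:", run_visits(remember=True))
    print("accepted each time: ", run_visits(remember=False))
```

With the decision remembered, the third visit returns `changed`; without it, the swapped certificate produces the same `prompt` as every earlier visit and cannot be told apart from the original.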
