[Haskell-cafe] [Security] Put haskell.org on https

Changaco changaco at changaco.net
Sun Oct 28 17:10:39 CET 2012


On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote:
> Sure, but I was talking about a proper certificate signed by a
> well-known registrar, at which point the https client would default to
> verify the signature against the system certificate store.

It doesn't matter what kind of certificate the server uses since the
client generally doesn't know about it, especially on first connection.
Some programs remember the certificate between uses and inform you
when it changes, but that's not perfect either.

> Yes, I'm fully aware that this is not fully safe, but I hope you agree
> that https with a proper certificate is much better than plain http.

I agree that X.509 provides some protection, but PGP is better.

My point was: when possible don't rely on X.509 for security, build a
Web of Trust instead.
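
The "remember the certificate between uses" behaviour mentioned in the message above is usually called trust-on-first-use pinning. The sketch below is an added example, not part of the original post; `PinStore`, `check`, `demo` and the certificate byte strings are hypothetical names and constructed data. It shows both why a changed certificate is detectable and why the first connection still gets no protection.

```python
import hashlib
import json
import os
import tempfile


class PinStore:
    """Trust-on-first-use store: host -> SHA-256 fingerprint of the server certificate."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host, cert_der):
        """Return 'first-seen', 'match' or 'changed' for the certificate a host presents."""
        host = host.lower()
        fingerprint = hashlib.sha256(cert_der).hexdigest()
        known = self.pins.get(host)
        if known is None:
            # Nothing to compare against: the first certificate is accepted blindly.
            self.pins[host] = fingerprint
            self._save()
            return "first-seen"
        if known == fingerprint:
            return "match"
        # Keep the old pin; a renewal and an interception look identical here,
        # so the user has to decide out of band.
        return "changed"

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate the store


def demo():
    # Constructed byte strings standing in for DER-encoded certificates.
    cert_a = b"constructed-certificate-A"
    cert_b = b"constructed-certificate-B"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        store = PinStore(path)
        results = [store.check("example.org", cert_a), store.check("example.org", cert_a)]
        reloaded = PinStore(path)  # pins survive a restart
        results.append(reloaded.check("example.org", cert_b))
        results.append(reloaded.check("example.org", cert_a))
        fresh = PinStore(os.path.join(d, "fresh.json"))  # a client with no history
        results.append(fresh.check("example.org", cert_b))
    return results


if __name__ == "__main__":
    print(demo())
```

With a live connection, the bytes passed to `check` would come from `ssl.SSLSocket.getpeercert(binary_form=True)`.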


