[Haskell-cafe] [Security] Put haskell.org on https
Iustin Pop
iusty at k1024.org
Sun Oct 28 19:16:11 CET 2012
On Sun, Oct 28, 2012 at 05:10:39PM +0100, Changaco wrote:
> On Sun, 28 Oct 2012 16:39:10 +0100 Iustin Pop wrote:
> > Sure, but I was talking about a proper certificate signed by a
> > well-known registrar, at which point the https client would default to
> > verify the signature against the system certificate store.
>
> It doesn't matter what kind of certificate the server uses since the
> client generally doesn't know about it, especially on first connection.
> Some programs remember the certificate between uses and inform you
> when it changes, but that's not perfect either.
The client doesn't have to know about it, if it can verify a chain of
trust via the system cert store, as I said above.
regards,
iustin
More information about the Haskell-Cafe
mailing list