Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But when you browse over http, you don't know who you're talking to either, so how are self-signed certificates worse than http?

I'm really having trouble figuring out the attack scenario unique to self-signed certificates that you don't have with plain http.



Security-wise, if they are both vulnerable to trivial exploits, how can you say one is "more secure" than another?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: