dnssec-trigger + GNOME + NetworkManager integration

drago01 drago01 at gmail.com
Thu Jul 2 14:04:37 UTC 2015

On Thu, Jul 2, 2015 at 2:33 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 02.07.2015 um 02:30 schrieb Michael Catanzaro:
>> On Wed, 2015-07-01 at 19:59 -0400, Paul Wouters wrote:
>>> Principles are good and well. But how many times did you actually USE
>>> that option you so reluctantly implemented? :)
>> Actually, I honestly don't remember ever using it except testing it
>> during development. I just don't visit broken sites. They are few and
>> far between nowadays
> that's nonsense
> a self signed certificate is exactly as secure as a CA certificate you pay
> for after there are hundrets and thousands by default trusted CA's in the
> browsers with the only difference you have to accept it once

No its not. Because everyone can issue them you can't really know
whether it is from who it claims to be from ... even in case you can
its in case an attacker gains access of it the issuer can't really
revoke it anymore.
Browsers do show those warnings for self signed certs for a reason and
that reason is *not* to sell certificates.

More information about the devel mailing list