5 Dec
2003
5 Dec
'03
12:27 p.m.
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
So what does the PKI actually buy you that using a throwaway self-signed cert doesn't provide?
No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups". Sounds suspiciously like the extortion angle used recently against somebody who was using Windows Messenger pop-op spam to advertise their "stop pop-up spam" product. I'm however missing the actual security angle (remember that the lack of a warning doesn't mean you actually connected securely with who you thought you did).