[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: useNoSSLForPackages and other badly-conceived options (noticenon-hijacked thread!)

From: Pekka Savola <pekkas netcore fi>
To: fedora-list redhat com
Subject: Re: useNoSSLForPackages and other badly-conceived options (noticenon-hijacked thread!)
Date: Sat, 27 Sep 2003 16:36:08 +0300 (EEST)

On Sat, 27 Sep 2003, Barry K. Nathan wrote:
[...]
> Besides, SSL provides real security. For instance, the fact that SSL is
> enabled by default was a good defense against this hole:
> https://rhn.redhat.com/errata/RHSA-2003-255.html

Note that SSL is just a tool.  It depends heavily either on Certificate
Authorities to do their job properly, or "opportunistic"  self-signed
certificate exchange working.  It gives close to zero protection if you
connect to a HTTPS site X for the first time, and you don't have any
reference to the certificate the site X is using.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

References:
- Re: useNoSSLForPackages and other badly-conceived options (notice non-hijacked thread!)
  - From: Barry K. Nathan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]