[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: useNoSSLForPackages and other badly-conceived options (noticenon-hijacked thread!)



On Sat, 27 Sep 2003, Barry K. Nathan wrote:
[...]
> Besides, SSL provides real security. For instance, the fact that SSL is
> enabled by default was a good defense against this hole:
> https://rhn.redhat.com/errata/RHSA-2003-255.html

Note that SSL is just a tool.  It depends heavily either on Certificate
Authorities to do their job properly, or "opportunistic"  self-signed
certificate exchange working.  It gives close to zero protection if you
connect to a HTTPS site X for the first time, and you don't have any
reference to the certificate the site X is using.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]