|
| From: | Daniel Stenberg |
| Subject: | RE: [Bug-wget] (no subject) |
| Date: | Wed, 29 Jul 2009 10:14:24 +0200 (CEST) |
| User-agent: | Alpine 2.00 (DEB 1167 2008-08-23) |
On Tue, 28 Jul 2009, Tony Lewis wrote:
Using --no-check-certificate is akin to clicking a button in a web browser to trust the server's certificate. Most users do not the technical expertise to evaluate the validity of such certificates before accepting them in the web browser or wget.
That's why trust is done by CAs, not users. So your browser is made to trust a set of CAs that issued the certs the servers use and thus you (assuming you buy into the entire concept) can trust the site because you trust your browser that trusts the CAs...
Yes, and there is the potential that the typical user is subject to a man-in-the-middle attack when accepting self-signed certificates or any other certificate that cannot be verified by the client (browser or wget).
That "attack" could just as well simply be monitoring your traffic passing it along to the real site, snooping on your passwords etc that you believe are secure because you send them encrypted!
Using --no-check-certificate transfers the trust in the certificate from the digital signature of a remote certificate authority to the user.
But how on earth can a user tell for sure that the server is indeed exactly the host it wants, and not anything else or going via something else? There's simply no way you can be sure as a user without stronger verifications. You cannot just check contents. You cannot just check IP addresses.
Sure, if your server is on your local network and there's nothing that could be in between you can be rather safe. But that's an unusual case and I would claim that it is much better to train and educate users for the real and actual internet cases rather than the small fraction of inhouse experiments.
-- / daniel.haxx.se
| [Prev in Thread] | Current Thread | [Next in Thread] |