Re: [tlug] SSH Issues

[Edward Middleton <emiddleton@example.com>]

Stephen J. Turnbull wrote:
> Edward Middleton writes:
>
>  > I guess the question is whether it is worth using SSL at all in
>  > situations where self signed certificates are used.  If you considering
>  > that a standard SSL certificate cost about $20 a year, and just running
>  > SSL requires significantly more system resources the benefits of running
>  > a non-authenticated server seem pretty minimal.
>
> Of course.  However, as Curt[1] correctly points out (and I missed his
> meaning), it's not just a matter of *you* running an authenticated
> server, it's a matter of me checking the certs and paying attention to
> warning from the TLS layer.
>   

As I think you pointed out earlier in relation to the MacPorts site, you
won't get warnings if SSL is setup correctly[1].  The point of adding CA
certs to the browser is so that it can perform server authentication
automatically without user intervention.  Thats not to say there aren't
some fatal flaws with PKI used in SSL (particularly in dealing with
compromised private keys) but it is seamless with most browsers if the
server is setup correctly.  Obviously non-authenticated connection
provides some utility in your situation but it is to security what a
sheet of newspaper is to shelter.

Edward

1. the exception being if you have setup to warn on connecting to a
secure site.