On 05/28/2014 06:01 PM, Karl Dubost wrote:
> Andrew,
> 
> On 29 May 2014 at 09:50, Andrew Sutherland <asutherl...@asutherland.org> wrote:
>> Trusting you as a human doesn't translate into protecting the users of your 
>> server from man-in-the-middle attacks.
>> How do you translate the human trust into the technical trust 
>> infrastructure supported by Firefox and Thunderbird and the rest of the 
>> Internet?
> 
> I was replying to the self-signed certificate == laziness.
> What I'm saying is that if you have 4 users on your server, you may decide to 
> create a certificate yourself and educate your users about what message the 
> certificate will send to their mail client and teach them why they can accept 
> the warning message in this case.

But without verifying that the certificate they received is the
certificate you created, those users are open to attack. On desktop we
unfortunately allowed this to become common. We have an opportunity here
to not make the same mistake on mobile.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
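
The verification step the reply above says is missing, as an added example that is not part of the original thread: compare the certificate the client actually received against a fingerprint the administrator handed over through a separate channel. The function names are hypothetical, the sample byte strings are constructed stand-ins rather than real X.509 certificates, and the use of SHA-256 fingerprints is an assumption.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
ADMIN_DER = b"constructed stand-in: certificate the admin created"
OTHER_DER = b"constructed stand-in: certificate substituted in transit"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, as 64 lowercase hex digits."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex, as copied from a note."""
    cleaned = "".join(c for c in fp.lower() if c not in ": -\t\r\n")
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_admin_cert(presented_der: bytes, out_of_band_fp: str) -> bool:
    """True only if the presented certificate is the one the admin created."""
    return hmac.compare_digest(fingerprint(presented_der),
                               normalize(out_of_band_fp))


def fetch_der(host: str, port: int = 993) -> bytes:
    """Fetch the certificate a server presents, without trusting it yet."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def demo() -> tuple:
    # The admin reads this string out over the phone or hands it over on paper.
    hexfp = fingerprint(ADMIN_DER)
    spoken = ":".join(hexfp[i:i + 2] for i in range(0, 64, 2)).upper()
    return (matches_admin_cert(ADMIN_DER, spoken),
            matches_admin_cert(OTHER_DER, spoken))


if __name__ == "__main__":
    print(demo())
```

Clicking through the warning skips `matches_admin_cert` entirely, which is why a substituted certificate looks the same to the user as the administrator's own.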
