Bitcoin Forum

SSL is still self-signed

This is a public credibility problem

I'm not looking to hear again that self signed certificates are better, more secure, or any conspiracy theories from CA's, or that the public should configure their browsers to trust them.  I'm looking to repeat a reminder that having user's browsers display security warnings is a way of fostering mistrust and is a pretty ironic observation for a project that asks people to trust their money to cryptography.

How many months in a row must this issue be brought up before something can be done about it?

I don't know much about certificates, so correct me if I'm wrong, but:

Basically with a self-signed certificate you just have to accept it the first time you connect to the website, and then, if later I'm being warned that the certificate is not the same anymore, then I can suspect there has been something smelly, and ask around about it.

To me that sounds pretty much as good as relying on a third party "certificate authority".

In Chrome on Linux you have to accept it the first time, and Chrome will remember it until you shut down the browser.  Next time you open the browser you'll have to accept it again.

I think going for a CAcert or a StartSSL certificate is a good idea.

Cheers,

I agree it is basically the same, but the later doesn't scare people with a warning.  I think enough people would pitch in for the SSL cost to make the issue go away, if money is the only problem.  I'm not aware of the past history of this request though.

HTTPS is not default here. To have it, you need to explicit ask for it. People who don't even know what a certificate is would just remain in HTTP.

Ha, ok, I just realized that, so what are the advantages to SSL for this site?  I don't login to access secure info, so I'm not that worried, what are others concerns?