chuso.net

Category: Security

  • Trusting invalid SSL certificates is wrong
    So let me make it clear from the first line: trusting invalid certificates is wrong. And now I will explain why it’s wrong and why there are few excuses for it. We are talking here about certificates for SSL encryption, which basically serves two purposes. Privacy: data is transferred encrypted and can only be decrypted by the intended recipient, not by a third party wiretapping the line. Authentication: making sure the receiving end that will be able to decrypt the data is who they claim to be, and that data is not diverted to a different receiver by a third party able to manipulate our transfers.