Comment by Joeri
11 years ago
But when you browse over http, you don't know who you're talking to either, so how are self-signed certificates worse than http?
I'm really having trouble figuring out the attack scenario unique to self-signed certificates that you don't have with plain http.
Security-wise, if they are both vulnerable to trivial exploits, how can you say one is "more secure" than another?