Comment by hawleyal
11 years ago
Because encryption with SSL without trust of the SSL cert is meaningless. It might as well be not encrypted.
11 years ago
Because encryption with SSL without trust of the SSL cert is meaningless. It might as well be not encrypted.
I wonder if this is true.
If there's a man in the middle, then they can read the traffic. But others still have a problem.
With HTTP, you know that everyone can read the traffic.
I think unsigned certs, especially with pinning, can be used to make wholesale collection of internet traffic vastly more difficult.
Now you are talking about obscurity, not security. In my opinion.