Comment by lmm
11 years ago
> A self-signed certificate is trivially MITMed unless you have a way to authenticate the certificate.
Trivial? Yes. As trivial as intercepting plain HTTP? No.
The NSA or adversary du jour can vacuum up anything sent over plain HTTP with zero risk. Self-signed HTTPS forces the attacker to commit some resources and, more importantly, run the risk of exposure. Security is not a binary (no encryption scheme is perfect), it's about increasing the cost to attackers.
https://news.ycombinator.com/item?id=8625420
HTTPS with self-signed certificates remains better than plain HTTP. The fact that you can propose an unimplemented, unstandardized, theoretical scheme that would offer the same advantages as HTTPS with self-signed certificates does not make HTTPS with self-signed certificates worse than plain HTTP.