Quote:
Originally Posted by Joe Ross
Are you expecting that someone will spoof or MITM first choice in the next 3 hours? Otherwise, I'm not sure what the objection is to a self signed certificate. The data is still encrypted.
I'm not seeing a self-signed certificate anyway. Back to the AlphaSSL certificate it was using yesterday.
|
It's bad security practice, and calls into question how well the data is safeguarded. I'm okay with using self-signed for my personal projects where I'm just encrypting a stream; I expect better from a commercial site with real use and real consequences for a data breach.
Looks like it doesn't matter anyway. I applaud AndyMark for being willing to make this call instead of the website having issues while live.