by martin_k
4929 days ago
Disallowing self-signed certificates doesn't improve security of unencrypted connections, but it increases security of all connections using SSL/TLS. It doesn't make you more secure (you don't have strong authenticity in any of those cases), but it certainly makes me more secure. When Gmail fetches email from my provider, which has a certificate signed by a trusted CA, it would have previously accepted any self-signed certificate from an active MITM.

How about an option (disabled by default) that allows self-signed certificates per fetched account, e.g., in the "edit info" dialog? I guess everybody would be happy with this one, right?