[__david__]

> Having a self-signed cert > http.

It really depends on what exactly you are talking about. For a Man-in-the-middle attack, your statement is false. For passive dragnet surveillance, your statement is true.

I think people underestimate MITM attacks...

[tomjen3]

Doesn't really matter, does it? Even if MITM attacks are 99% of all attacks that doesn't leave you any worse of with a self-signed certificate. Better yet you are able to use a root certificate only trusted by most, rather than all, browsers because you secure that much of your traffic (which could easily be the 80+% that runs a modern browser, just not the few virus infected XP machines) which would enable actual innovation among CAs.

[TheLoneWolfling]

> For a Man-in-the-middle attack, your statement is false.

Not with certificate pinning.

[Dylan16807]

on a case by case basis: >=

overall assessment: >