Open ghost opened 10 years ago
You could say we already do this: if you specify https://, then HTTPS will be used. The site that displays this output from Counterblock API can validate the certificate on its own. If the site refuses self-signed or "invalid" certificates, then it can not display the contents, or display asset details so that it's clear the certificate didn't validate.
We don't validate certificates, but we could.
Maybe it'd be okay to enforce validation, but someone should take a look at the current situation and see how many certificates are invalid, just to estimate the impact.
Requested by several users, and generally a good idea.
http://blog.coinprism.com/2014/09/10/proof-of-authenticity-of-cryptoassets/