[117703] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: delegating SSL certificates

daemon@ATHENA.MIT.EDU (Dave Howe)
Wed Mar 19 14:46:43 2008

Date: Wed, 19 Mar 2008 18:41:08 +0000
From: Dave Howe <DaveHowe@gmx.co.uk>
To: "cryptography@metzdowd.com >> Email List - Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <20080317184945.22564.qmail@simone.iecc.com>

John Levine wrote:
>> | Presumably the value they add is that they keep browsers from popping
>> | up scary warning messages....
>> Apple's Mail.app checks certs on SSL-based mail server connections.
>> It has the good - but also bad - feature that it *always* asks for
>> user approval if it gets a cert it doesn't like.
> 
> Good point -- other mail programs such as Thunderbird also pop up
> the scary warnings.  I've paid the $15 protection money for the certs
> on my mail servers.

I have found that just adding the cert to the local keystore had pretty 
much the same effect. There is a nice addon for Thunderbird/Firefox 
(which will apparently be a native ability in v3 of the latter) called 
"remember mismatched domains" that lets you suppress an error for a 
specific cert/domain mismatch.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post