[117703] in cryptography@c2.net mail archive
Re: delegating SSL certificates
daemon@ATHENA.MIT.EDU (Dave Howe)
Wed Mar 19 14:46:43 2008
Date: Wed, 19 Mar 2008 18:41:08 +0000
From: Dave Howe <DaveHowe@gmx.co.uk>
To: "cryptography@metzdowd.com >> Email List - Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <20080317184945.22564.qmail@simone.iecc.com>
John Levine wrote:
>> | Presumably the value they add is that they keep browsers from popping
>> | up scary warning messages....
>> Apple's Mail.app checks certs on SSL-based mail server connections.
>> It has the good - but also bad - feature that it *always* asks for
>> user approval if it gets a cert it doesn't like.
>
> Good point -- other mail programs such as Thunderbird also pop up
> the scary warnings. I've paid the $15 protection money for the certs
> on my mail servers.
I have found that just adding the cert to the local keystore had pretty
much the same effect. There is a nice addon for Thunderbird/Firefox
(which will apparently be a native ability in v3 of the latter) called
"remember mismatched domains" that lets you suppress an error for a
specific cert/domain mismatch.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com