delegating SSL certificates
Dave Howe
DaveHowe at gmx.co.uk
Wed Mar 19 14:41:08 EDT 2008
John Levine wrote:
>> | Presumably the value they add is that they keep browsers from popping
>> | up scary warning messages....
>> Apple's Mail.app checks certs on SSL-based mail server connections.
>> It has the good - but also bad - feature that it *always* asks for
>> user approval if it gets a cert it doesn't like.
>
> Good point -- other mail programs such as Thunderbird also pop up
> the scary warnings. I've paid the $15 protection money for the certs
> on my mail servers.
I have found that just adding the cert to the local keystore had pretty
much the same effect. There is a nice addon for Thunderbird/Firefox
(which will apparently be a native ability in v3 of the latter) called
"remember mismatched domains" that lets you suppress an error for a
specific cert/domain mismatch.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list