[Cryptography] How to get certificates on email server?

grarpamp grarpamp at gmail.com
Sat Apr 23 17:27:34 EDT 2016


On 4/19/16, Henry Baker <hbaker1 at pipeline.com> wrote:
> Unfortunately, this little episode emphasizes again how brittle the whole CA
> structure is.
>
> How many of the 1+ billion email customers can be expected to do this kind
> of debugging?
>
> Since *TRUST* isn't going away anytime soon, we're going to need better &
> more easily usable tools to test the chain-of-trust (aka MITM chain !).

Unfortunately nobody in this whole thread thought to recommend
verifying the cert fingerprint with the operator of the server itself,
or to use an observatory, or to pin down the cert. So yes, you're
still vulnerable to common mitm / rogue ca after all this work.
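The out-of-band fingerprint check and certificate pinning that the reply recommends, as an added example that is not code from the post or its author. It assumes hypothetical names (`fingerprint`, `matches_pin`, `check_server`) and a constructed byte string standing in for a DER certificate; the fingerprint is a hash over the raw DER bytes, so the check needs no certificate parsing. Normal CA and hostname validation stays switched on and the pin is required on top of it, which is what closes the rogue-CA case the reply points at:

```python
"""Added example (not from the mailing-list post): verify a TLS server's
certificate against a fingerprint obtained out of band from the operator,
i.e. a simple form of certificate pinning layered on top of CA validation."""
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate. A real check uses the
# bytes returned by ssl.SSLSocket.getpeercert(binary_form=True).
SAMPLE_DER = b"\x30\x82\x01\x00" + b"constructed-certificate-bytes" * 4


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of DER bytes in the colon-separated upper-case
    form that `openssl x509 -noout -fingerprint -sha256` prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pin(pin: str) -> str:
    """Accept fingerprints as different tools print them (with or without
    colons, any case, stray whitespace) and canonicalise them."""
    return pin.strip().replace(":", "").replace(" ", "").upper()


def matches_pin(der: bytes, pins: list[str]) -> bool:
    """True if the certificate's SHA-256 fingerprint equals one of the pins.
    Several pins are allowed so a backup or rotation certificate can be
    accepted without an emergency update. Comparison is constant-time."""
    actual = normalize_pin(fingerprint(der))
    return any(hmac.compare_digest(actual, normalize_pin(p)) for p in pins)


def check_server(host: str, port: int, pins: list[str]) -> bool:
    """Connect with normal CA and hostname validation still enabled, then
    additionally require the leaf certificate to match a pin. A rogue or
    compromised CA passes the first check but not the second.
    Needs network access; the offline test does not call it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            leaf = tls.getpeercert(binary_form=True)
    ok = matches_pin(leaf, pins)
    if not ok:
        # Report the observed fingerprint so it can be compared with what the
        # operator publishes or with an observatory's records.
        print(f"PIN MISMATCH for {host}:{port}: saw {fingerprint(leaf)}")
    return ok


if __name__ == "__main__":
    # Offline demonstration with the constructed bytes.
    expected = fingerprint(SAMPLE_DER)
    print("fingerprint:", expected)
    print("matches own pin:", matches_pin(SAMPLE_DER, [expected]))
    print("matches wrong pin:", matches_pin(SAMPLE_DER, ["00:" * 31 + "00"]))
```

`check_server` works as written against implicit-TLS mail ports such as IMAPS (993) and SMTPS (465); STARTTLS ports need the protocol's own upgrade step (for example `imaplib.IMAP4.starttls()`) before the peer certificate is available. Keeping at least one backup pin matters: when the operator rotates the certificate, a single pin turns the check into a self-inflicted outage rather than a detection.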

