On 12/25/10 2:45 PM, Charles Marcus wrote:
It sounds like we are saying the same thing here. When you "accept" an insecure certificate, it is remembered, but not installed (and the OP was getting periodic "trust this?" questions). If you want to accept it permanently, you need to install a *.crt.

Regardless, it could be a catch-22, in practice. In order to securely receive the *.crt, the certificate would need to be placed on a site under your control protected by https, which itself could not be self-signed. If you have a "real" https certificate, then you probably have a "real" imaps/smtps certificate.

What is the risk / purpose of the certificate? If a malicious party is able to give you and have you trust a hijacked *.crt file, then they could impersonate/intercept/eavesdrop a presumed secure connection to the target server (given malicious local dns, for example).

If you use iPhone Safari to browse to an http site, then accept and install a downloaded *.crt file, you could be downloading a file from a malicious party. A subsequent "secure" connection would actually be to the malicious party.

If you download the *.crt file from a secure https site, you have a secure chain of trust, and you can trust the *.crt file has not been altered.

-- 
-Justin
[email protected]
_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
