On 2010-12-26 11:52 AM, Justin Vallon wrote:
> It sounds like we are saying the same thing here.
Probably... ;)
> When you "accept" an insecure certificate, it is remembered, but not
> installed (and the OP was getting periodic "trust this?" questions).
> If you want to accept it permanently, you need to install a *.crt.
Not with Firefox - it provides the option to store the cert exception
permanently. But yeah, IE (and Outlook) really bug me because they don't...
> What is the risk / purpose of the certificate? If a malicious party
> is able to give you and have you trust a hijacked *.crt file, then
> they could impersonate/intercept/eavesdrop a presumed secure
> connection to the target server (given malicious local dns, for example).
>
> If you use iPhone Safari to browse to an http site, then accept and
> install a downloaded *.crt file, you could be downloading a file from
> a malicious party. A subsequent "secure" connection would actually be
> to the malicious party. If you download the *.crt file from a secure
> https site, you have a secure chain of trust, and you can trust the
> *.crt file has not been altered.-Justin
All true - but since I generally always do things like this here in the
office, where I know my DNS isn't poisoned/hijacked, it isn't an issue...
But you are correct otherwise...
------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and,
should the need arise, upgrade to a full multi-node Oracle RAC database
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Courier-imap mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
