#3916: Mutt 1.8: TOFU host certificate not working
-----------------------+----------------------
Reporter: kratem32 | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone: 1.8
Component: crypto | Version:
Resolution: | Keywords: tofu
-----------------------+----------------------
Changes (by gahr2):
* priority: minor => major
* type: enhancement => defect
Comment:
Replying to [comment:10 m-a]:
> I don't see it as a bug either, but rather a missing special feature. I
acknowledge there is a point in providing **some** way for users to
restrict what they want to trust, by cutting chains, but I wonder if we
need to expose it through mutt's user interface. Ultimately users claim
to improve security by avoiding rogue or dodgy CAs, but I question that
TOFU is any better. If you see a certificate change, is that because (a)
an eavesdropping has started, (b) an eavesdropping has ended, or (c)
someone just reissued the host's certificate - which will be rather
frequent if it's a Let's Encrypt certificate, or behind certain load
balancing setups. This looks like self-inflicted pain somewhat. If we
add something to the UI, it should be a "skip trusting this certificate".
I totally agree with you. The new way of handling certificate chains is
sound, it's the expected behaviour for most, and the improved security in
the use case exposed by kratem32 is at least questionable. Though, having
an option to select which subchain to accept would be nice.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:12>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
