[Users] [Bug 2718] Certification code path review

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Aug 9 09:33:51 CEST 2012


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2718





--- Comment #3 from Dominique Leuenberger  2012-08-09 09:33:50 ---
1. Agree => Nothing more to be done from your end

2. I think a confirmation from your end that I read that code all right is in
order.

3. The 'issue' arises if the certificate is certified to a trusted root. In
this case, the user is not prompted, won't see the cert details but there is no
verification if the presented certificate belongs to the hostname we tried to
connect to. As such, MITM seems easily possible. This seems to be the main
issue at the moment.

-- 
Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the Users mailing list