[Users] [Bug 2738] Erroneous rotation of SSL certificates

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Fri Sep 28 19:52:53 CEST 2012


--- Comment #17 from Colin Leroy  2012-09-28 19:52:53 ---
Yes, Brad was spot-on on the option to use, but it's true that he mostly
described the skip_ssl_check option :)

Accepting and saving multiple certificates for a single host is less safe in
the following way (quoting ratinox at gweep.net on the ML):

> 'correct'.  If it wants to bark about it, it should do so in a
> functional way which enhances security and is usable.  What it  

Automatically accepting multiple certificates for a socket is a
security risk. For example, a certificate obtained from a compromised
CA can be used in MITM attacks. DigiNotar revealed last year that it
was tricked into issuing a valid wild card SSL cert for Google. Prior to
that, Comodo revealed that it had been tricked into issuing valid
certificates for Google, Yahoo and Skype.

>From an algorithmic perspective there is no difference between Google's  
"rotating" of SSL certificates and a third party MITM attack using a
valid but illegal certificate on a spoofed IP. The trust chains link
back to valid CAs and valid signatures. The only reliable way to
determine a certificate's authenticity is using the Mark I Eyeball to
compare certificates to known and verified goods every time the
certificates change. Anything else leaves your accounts
silently vulnerable to MITM attacks.

Also, further discussion on the subject would be more in-place on the
mailing-list than on Bugzilla.

Configure bugmail: http://www.thewildbeast.co.uk/claws-mail/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Users mailing list