[Users] [Bulk] [Bug 2738] Erroneous rotation of SSL certificates

Kevin Chadwick ma1l1ists at yahoo.co.uk
Sat Sep 29 14:42:25 CEST 2012

> > Conversely though there is no difference between accepting three
> > previously accepted certificates as accepting one as long as the same
> > checks have occurred and it is not silent, as going back to an old
> > certificate could be a problem but as long as the user is made aware
> > perhaps with when it was last seen, it shouldn't be.   
> Well, yes, there is. Once an SSL certificate is superseded it is
> superseded forever. This follows from the requirement that a socket
> have exactly one certificate.
> Say that a compromised Comodo or DigiNotar certificate for Google got
> into your certificate cache. If Claws Mail did what you describe then it
> would continue to silently use this valid (because it is valid within
> the CA trust structure) certificate until the compromise is discovered
> and the certificate is revoked. Or, as in the DigiNotar case, the entire
> CA is removed from the root CA list.

If you re-read what I had said you should see that I understand that
and is something that due to bad design can only be involved currently
in user checks, it doesn't change the fact that accepting one or three
certificates security wise is irrelevant as long as the user evaluates
the currently used certificate, it could be that the new cert is a
rogue or compromised certificate and the old one is secure and we can't
depend on automatic revocation. I'm sure you realise too that if your
data had been captured in the past it is also open to replay attacks,
something Google has apparently tried to battle with non standard
perfect forward secrecy which may??? be the reason that Google breaks
some/many systems at the MTA level to no SSL at all.

SSL is broken but claws should be a little more informative. I guess
this does show that any message would have to point to more
information which may be why it is so.

> Since you've mistakenly, unwittingly perhaps, approved the valid but
> inauthentic certificate it will be used whenever you get the spoofed
> socket instead of the real deal. And it will continue to be used
> forever or until its expiry date or until revoked once someone notices.
> Or you can use Claws Mail in its default state which will let you know
> that maybe something isn't kosher.


'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

More information about the Users mailing list