[Users] gmail certs
Brian Morrison
bdm at fenrir.org.uk
Wed May 28 17:49:49 CEST 2014
On Wed, 28 May 2014 17:44:16 +0200
Colin Leroy wrote:
> On Wed, 28 May 2014 17:38:10 +0200, Andrej Kacian <andrej at kacian.sk>
> wrote:
>
> > > Now that we have proper certificate chain verification, I'm
> > > starting to wonder whether we should accept correctly signed
> > > certificates automatically.
> >
> > Please, if so, make this a (hidden) configurable option. Not
> > everyone trusts CA signatures. :)
>
> Yes, and a certificate changing when not close to expiring and with a
> different signer, although valid technically, is suspicious.
>
> That's why we left that warning. But this gmail thing is an annoyance.
>
Maybe it could be made to do this for specified domains? That way it
can be left to the individual to decide that they didn't trust Google
anyway so doing it for gmail.com won't matter.
--
Brian Morrison
More information about the Users
mailing list