[Users] Weird certificate update popups

Michael Schwendt bugs.michael at gmx.net
Wed Feb 19 21:05:47 UTC 2025


On Wed, 19 Feb 2025 16:07:21 +0000, Slavko wrote:

> Are you aware, that Let's Encrypt announced support of certificates
> valid for 6 days?

Do I need to?

Claws Mail's developers have made the fully automatic accepting of valid
certs an option in the settings, which defaults to "off". IOW, if you
want to rely on it, then turn it "on" _and_ trust the CA chain.

> In other words, manual certificate check is mostly false feel of
> security.

Only if not automatically accepting a cert if it's "valid", you can
add some brief plausibility checks for Owner, Signer, fingerprint.
If user only clicks away the notification dialog, it's not worse
compared with automatically accepting the valid cert.

