Re: [Issue 650] Changed - certificate handling

From: Peter Mathiasson <peter_at_mathiasson.nu>
Date: 2002-04-09 22:37:41 CEST

On Tue, Apr 09, 2002 at 11:20:57AM -0400, Greg Hudson wrote:
> On Tue, 2002-04-09 at 11:04, Kevin Pilch-Bisson wrote:
> > Sorry, I should have read the whole issue. I would say that only a small part
> > of the stuff mentioned in the issue needs to be done for alpha. Namely
> > caching the server certs or there fingerprints so that we can detect
> > man-in-the-middle attacks.
>
> Eh? This is not ssh. Either a certificate is signed by a chain leading
> to a trusted CA or it's not.
>
> I suppose you could cache self-signed certificates so that you'd know if
> you're getting the same one each time, but certificates do expire, so
> that's not especially valuble.

I use self-signed certificates, and send them to thoose who need them
through a trusted channel; phone or gpg signed email.

Saving certificate fingerprints, or even whole certificates is a must.
There should also be a way to pre-install certificates prior to the
first use.

I'm not saying this is an important issue for the time being, but
sometime in the future it should be implemented.

-- 
Peter Mathiasson, peter at mathiasson dot nu, http://www.mathiasson.nu
GPG Fingerprint: A9A7 F8F6 9821 F415 B066 77F1 7FF5 C2E6 7BF2 F228

application/pgp-signature attachment: stored

Received on Tue Apr 9 22:38:43 2002

This message: [ Message body ]
Next message: Garrett Rooney: "Re: svn import fails"
Previous message: Nathan Fiedler: "Re: svn import fails"
In reply to: Greg Hudson: "Re: [Issue 650] Changed - certificate handling"
Next in thread: Greg Stein: "Re: [Issue 650] Changed - certificate handling"
Reply: Greg Stein: "Re: [Issue 650] Changed - certificate handling"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]