John Levine wrote:
| Presumably the value they add is that they keep browsers from popping
| up scary warning messages....
Apple's checks certs on SSL-based mail server connections.
It has the good - but also bad - feature that it *always* asks for
user approval if it gets a cert it doesn't like.

Good point -- other mail programs such as Thunderbird also pop up
the scary warnings.  I've paid the $15 protection money for the certs
on my mail servers.

I have found that just adding the cert to the local keystore had pretty much the same effect. There is a nice add-on for Thunderbird/Firefox (which will apparently be a native ability in v3 of the latter) called "remember mismatched domains" that lets you suppress an error for a specific cert/domain mismatch.

