tags 355192 - security
quit

On Wed, 16 Jan 2008 23:58:03 +0100 Francesco Poli <[EMAIL PROTECTED]> wrote:

> tag 355192 + security
> thanks
>
>
> It seems that other people agree that problems like this may be
> considered as security issues:
>
> | Unfortunately it is not possible to tell the device to remember the
> | decision which means that when the device prompts it will prompt every
> | time it connects to the server in question. The result of this is user
> | irritation and a reduction in security since there is much less chance
> | that a changed server certificate will be noticed.
> [from http://www.sirena.org.uk/log/?p=64 on a similar issue with a
> phone IMAP client]

Less chance of noticing a changed certificate? Only if you blindly accept dialogs without reading them. Do you? Because if you take care of reading it every time it's presented the chance of noticing any change is higher, unless your memory works the opposite of the rest of the people and degrades by reinforcement.

Anyway I basically agree on the annoying part and that the certificate should be presented only when changed, so I'll be forwarding this upstream soon. Nothing guarantees it will be fixed, though.

regards,

P.S.: My apologies for having no time for this bug before.

-- 
Ricardo Mones
http://people.debian.org/~mones
«You will be imprisoned for contributing your time and skill to a bank robbery.»
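The behaviour discussed in this thread (remember the accepted certificate and prompt only when it is new or has changed), as an added example that is not part of the original messages or of the client's own code. The names `CertStore`, `prompts_for`, `known_certs.json` and `imap.example.org` are assumptions, and the byte strings are constructed stand-ins for DER-encoded server certificates.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(der_bytes):
    """SHA-256 fingerprint of the certificate bytes, as a hex string."""
    return hashlib.sha256(der_bytes).hexdigest()

class CertStore:
    """Remembers the accepted certificate fingerprint per host:port (hypothetical helper)."""
    def __init__(self, path):
        self.path = path
        self.known = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.known = json.load(fh)

    def check(self, host, port, der_bytes):
        """Return 'new', 'unchanged' or 'changed' for the presented certificate."""
        seen = self.known.get(f"{host}:{port}")
        if seen is None:
            return "new"
        return "unchanged" if seen == fingerprint(der_bytes) else "changed"

    def accept(self, host, port, der_bytes):
        """Record the user's decision; write to a temp file and rename so a crash cannot truncate the store."""
        self.known[f"{host}:{port}"] = fingerprint(der_bytes)
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(self.known, fh)
        os.replace(tmp, self.path)

def prompts_for(connections, store):
    """Return (connection index, status) for each connection that would show a dialog."""
    prompts = []
    for i, (host, port, der) in enumerate(connections):
        status = store.check(host, port, der)
        if status != "unchanged":
            prompts.append((i, status))
            store.accept(host, port, der)  # simulation assumes the user accepts; a real client lets them refuse
    return prompts

def demo():
    # Constructed sample: three connections with one certificate, then two with a different one.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    conns = [("imap.example.org", 993, cert_a)] * 3 + [("imap.example.org", 993, cert_b)] * 2
    with tempfile.TemporaryDirectory() as d:
        return prompts_for(conns, CertStore(os.path.join(d, "known_certs.json")))
```

Over the five constructed connections the user sees two dialogs, one on first contact and one when the certificate changes, instead of five identical ones.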

