Hello Army,

On Mon, 11 Oct 2004 20:44:55 -0600 (12.10.2004 8:44 my local time), received Tuesday, October 12, 2004 at 9:54:58 +0600, you wrote about "SSL/TLS add unknown certificate to Trusted", at least in part:

AR> Whenever the POP/IMAP/SMTP server doesn't provide the root/CA
AR> certificate or full chain with the server certificate TB pops up an
AR> "Unknown CA certificate" warning.

Because The Bat! (not OE, Eudora, ...) verifies the _full_ chain, always the full chain - and that's good.

AR> In this warning is a few boxes with "OK" and "CANCEL" always selectable,

You can use the "possibly insecure" connection or drop it.

AR> giving temporary permission, but "View Certificate" and "Add to Trusted"
AR> are rarely selectable (always greyed out for a few accounts)

If the server doesn't provide the full chain, including the ROOT certificate - you have _nothing_ to add.

AR> Please, please, please(!) TB! developers give the choice to the user and
AR> make these buttons *Always* selectable!

Please, please, please, The Bat! users - do not ask for "bad things" to be done! If you have a lame, lazy admin on your "secure" server, who thinks only about OE users (who can trust everybody and everybody) (or doesn't think at all - "I do something and it works somehow... let it run"), you can make things better for yourself (and the other clients of this "service") if you don't complain to the TB developers, but beat the admin's head on the wall - "Think, stupid!!! Try to think and use brain, not ass!!!"

AR> TB doesn't make this one thing easy for
AR> the user to make his/her own mind up about, simply unbelievable.

You must not think about it and make up your own mind... It's security, no less... "Security over obscurity". You either have security, or you don't have it AT ALL - there are no intermediate variations.

AR> GMX.net, myrealbox.com, and Safe-mail.net all work like a charm allowing
AR> me to "Add to Trusted" but us.army.mil and cotse.net, which do not
AR> present the entire cert chain TB doesn't allow me to add...

These brain-damaged "admins" MUST
- either add the root certificate to the chain
- or make it available for download (if they have such a big problem with their own hands and can't RTFM).

There are no other _good_ ways!

Why is it a bad idea to trust only the server's certificate and ignore the checks of the other certificates in the chain? (This is a shortened and simplified lesson from "Network security essentials".)

Well... because in this case _you_ will be vulnerable to a rather easy attack.

Imagine a TLS server victim.domain.tld, which lives on IP 1.1.1.1 and has a cert issued and signed by "Good CA". The victim's admin doesn't know how to make the ROOT-CA cert usable and ignores it; the user has also selected "trust hostname victim.domain.tld". On some bad day Joe Hacker, using DNS poisoning (+ probably ARP spoofing), will be able to route traffic for victim.domain.tld onto another real host (2.2.2.2, for example)... But this host is declared as "victim.domain.tld" and even presents a valid certificate for "victim.domain.tld"... issued by "Joe Hacker CA". The user trusts victim.domain.tld and sees nothing bad (or unusual)... After all, the user's traffic (already cleaned) can be collected, dissected... and... all security (pseudo-security) is ruined in a moment.

When the root cert is checked, this never happens - you'll get information about the Root CA changing, and can handle such a bad signal correctly (and just for note - two valid certificates for one hostname are impossible for a good CA; one must /and will/ be revoked immediately).

Uff... I had to add it into KB years ago :-)

--
Best regards,
Alexander Leschinsky

Powered by
• The Bat! 3.0.1 RC7
• POP3 Catcher 2.0.923.1620
• MyMacros 1.11a
• AnotherMacros 0.3.21 /24ED1B1E0/
• Useless Macro Collection 1.3.387
Weakened by Windows XP 5.1.2600
________________________________________________________
Current beta is 3.0.1 RC/7 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/
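
The scenario from the message above, as an added example (not part of the original e-mail and not The Bat!'s code): a simplified model that uses toy textbook-RSA signatures in place of X.509 to compare "trust this hostname" with verification against a root the client already holds. It goes one step beyond the message by also checking a certificate that only copies the issuer name "Good CA"; all function names, keys and certificates are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_ca(name, p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    return {"name": name, "n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(subject, issuer, n):
    """Hash of the signed fields, reduced into the modulus range."""
    h = hashlib.sha256(f"{subject}|{issuer}".encode()).digest()
    return int.from_bytes(h, "big") % n


def issue(ca, subject):
    """The CA signs a certificate binding `subject` to the CA's name."""
    sig = pow(digest(subject, ca["name"], ca["n"]), ca["d"], ca["n"])
    return {"subject": subject, "issuer": ca["name"], "sig": sig}


def trust_by_hostname(cert, trusted_hosts):
    """Policy 1: accept any certificate carrying a name the user chose to trust."""
    return cert["subject"] in trusted_hosts


def verify_against_roots(cert, trusted_roots):
    """Policy 2: accept only a signature that verifies under a root already held."""
    n = trusted_roots.get(cert["issuer"])
    if n is None:
        return False, f"unknown CA: {cert['issuer']}"
    if pow(cert["sig"], E, n) != digest(cert["subject"], cert["issuer"], n):
        return False, "bad signature"
    return True, "ok"


# Constructed sample data: names follow the message, keys are toy values.
HOST = "victim.domain.tld"
GOOD = make_ca("Good CA", 2**61 - 1, 2**89 - 1)
ROGUE = make_ca("Joe Hacker CA", 2**107 - 1, 2**127 - 1)
FORGED = dict(ROGUE, name="Good CA")  # rogue key, copied issuer name
ROOTS = {"Good CA": GOOD["n"]}        # root store on the client


def run_demo():
    """Return (hostname-policy result, root-policy verdict) per certificate."""
    certs = {"real": issue(GOOD, HOST), "rogue": issue(ROGUE, HOST),
             "forged": issue(FORGED, HOST)}
    return {k: (trust_by_hostname(c, {HOST}), verify_against_roots(c, ROOTS)[1])
            for k, c in certs.items()}
```

The hostname policy accepts all three certificates, while the root check accepts only the one signed by the key in the client's root store.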

