Hi Raymund, On Tue, 12 Sep 2006 23:28:20 +0200 UTC (9/12/2006, 4:28 PM -0500 UTC my time), Raymund Tump wrote:
>> This is wrong...... it should ***ALWAYS*** be left to the user to decide >> whether to continue to use any cert, whether expired, or incorrect name, or >> whatever reason.... R> Well, that depends on the protocol. what protocol is that? RFC 2060 or 3501, or what? R> It is not always up to the user to decide if the protocol (SSL, TLS, R> whatever) has defined that all certs used have to be valid and an expired R> cert isn't valid. The protocol as you call it, (SSL, TLS) does not define that the certs have to be valid, never has. It is the client, TB!, that has decided for me not to accept it. It should be always up to the user to accept *any* cert. Every email client I have ever used with IMAP (about 30+ of them), over the last 10 years, allows one to accept a cert for whatever reason, if I so choose, either on a temp or permanent basis, EXCEPT TB! R> What if a user can use even an revoked certificate? That would break R> any security policies. what security policies in IMAP(s)? Any user who has an IMAP account, has to provide auth to get into his account in the first place. SSL provides a secure mechanism for this, that's all it does. If this server was set up to provide just normal IMAP on port 143, I would have no problems getting in. Like I said, TB! is keeping me from making that decision, and I cannot log onto a remote IMAPs account, even though I have to be authorized by passwrd ... so TB! is useless to me currently. -- Gary ________________________________________________________ Current beta is 3.85.03 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/