With 1.0.6.17 came the nice feature to "accept untrusted certificates" in the settings of email accounts. This way all users / accounts that used some sort of self-signed certificates have a chance to access their email (this may have worked before but does not anymore).
But there is a caveat here: it's more or less an on / off switch which weakens security because _accepting untrusted certificates_ really means accept any certificate. Maybe there is some basic name checking going on but since there is no certificate chain to be checked, any certificate that _seems_ to be valid will be accepted.
Please build in a feature that I can determine which certificate is the right one and to be trusted in future. And / or build in a feature to load a certificate into some kind of certificate store so that even self-signed certs are accepted without any hassle.
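The per-account trust decision requested above can be sketched as certificate pinning. This is an added example, not part of the original post and not the mail client's code; the function names, the in-memory `pins` dictionary, the IMAPS default port and the two byte strings standing in for certificates are all assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the value a user would compare by eye."""
    return hashlib.sha256(der_cert).hexdigest()

def verdict(pins: dict, account: str, der_cert: bytes) -> str:
    """Classify a presented certificate against the pin stored for this account."""
    known = pins.get(account)
    if known is None:
        return "unknown"      # nothing pinned yet: ask the user, do not log in
    if hmac.compare_digest(known, fingerprint(der_cert)):
        return "trusted"
    return "changed"          # not the certificate that was approved: refuse

def trust(pins: dict, account: str, der_cert: bytes) -> None:
    """Record the user's explicit decision to trust exactly this certificate."""
    pins[account] = fingerprint(der_cert)

def connect_pinned(pins: dict, account: str, host: str, port: int = 993):
    """Open TLS without chain validation, then require the pinned certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE   # on its own, this is "accept any certificate"
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    result = verdict(pins, account, der)
    if result != "trusted":
        tls.close()           # no credentials are sent on an unpinned session
        raise ssl.SSLError(f"{account}: certificate {result} ({fingerprint(der)})")
    return tls

# Constructed stand-ins for two DER certificates (not real certificates).
CERT_OWN_SERVER = b"constructed-der-bytes-of-my-self-signed-cert"
CERT_OTHER = b"constructed-der-bytes-of-some-other-cert"
```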