Re: RFC: Handling of certificates in Debian
On Sat, Aug 31, 2002 at 12:18:04AM +0100, Andrew McDonald wrote:
> Even the hostname check can be problematic - does the user really need
> to accept the certificate every time because the name doesn't match?
I think the issue is this: if no hostname check is done, how to you know
you really are authenticating the remote host by the certificate you
think you should be (say www.secure.org) and not another certificate
instead (say www.crackers.com)? You might think you are accessing
www.secure.org, but if you authenticated the remote host with
www.crackers.com, chances are you may not be.
Of course, if the user manually checks the certificate, there would be
no problems, but how many people will manually check?
(note that I really like this realiance on checking the hostname, for
instance it doesn't work properly with virtual name domains under https,
but it somehow seems to have become the defacto default, and we seem to
be stuck with it for now).
> (I've solved this for mutt by using a cache where I save the hostname
> against the certificate fingerprint, mozilla does something similar.)
I would imagine you would have to manually update this each time
a new certificate is issued (unless I am mistaken).
Brian May <email@example.com>