Re: [Evolution] SSL certificates and Man in the Middle attacks
- From: Bastien Durel <bastien geekwu org>
- To: evolution-list gnome org
- Subject: Re: [Evolution] SSL certificates and Man in the Middle attacks
- Date: Mon, 10 Sep 2012 10:26:27 +0200
Le dimanche 09 septembre 2012 Ã 22:40 -0400, Jeff Fortin a Ãcrit :
Hi there,
As far as I can tell, Evolution uses a default set of SSL certificate
authorities.
[...]
Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning
like SSH does when server fingerprints don't match?
I'm of course not a security expert, but would like some reassurance
that Evolution is actually safe against this scenario.
Thanks
As users (mostly) ignore security warnings[1], it should be useless,
IMHO.
SSH does not targets same users than browsers or mail readers, so users
are more likely to read them. (And SSH keys doesn't expires, so you can
keep fingerprints for ages)
[1] http://lorrie.cranor.org/pubs/sslwarnings.pdf
--
Bastien Durel
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]