Mailinglist Archive: opensuse-security (570 mails)
| < Previous | Next > |
Re: [suse-security] Plaintext passwords IMAP please!
- From: Maarten v d Berg <maarten@xxxxxxx>
- Date: Wed, 14 Jan 2004 18:36:07 +0100
- Message-id: <200401141836.07196.maarten@xxxxxxx>
On Wednesday 14 January 2004 17:29, BarkerJr wrote:
> > however teaching all the clients that they should trust a self-signed
> > cert sure isn't, so this may not be a viable option for you anyway.
>
> Sounds like an Outlook Express issue to me. Don't blame SuSE for
> Microsoft's shortcomings.
To be fair, that is not what I meant. Every good client should complain about
a certificate without a chain of trust. What I meant was is that there are
several ways to avoid or solve this, like importing a root CA cert or telling
all the clients to trust certain certificates. And my point was that without
knowing how many client machines we're talking about, it is not for us to say
if such a change is simple (or even feasible).
But now we're on the subject, I do believe a problem lies with microsofts'
implementation since I am still having great trouble to convince M$ hosts to
trust my root CA. It imports fine, installs fine and works fine. Then, after
the next reboot everything is gone and we get the Nag-boxes back... :-((
On the other hand I never had any trouble telling mozilla or konqueror they
must henceforth trust my root CA. But windows keeps forgetting it trusts me.
(To be honest, it WOULD be bad judgement for a windows box to trust me... ;-))
Maarten
> > however teaching all the clients that they should trust a self-signed
> > cert sure isn't, so this may not be a viable option for you anyway.
>
> Sounds like an Outlook Express issue to me. Don't blame SuSE for
> Microsoft's shortcomings.
To be fair, that is not what I meant. Every good client should complain about
a certificate without a chain of trust. What I meant was is that there are
several ways to avoid or solve this, like importing a root CA cert or telling
all the clients to trust certain certificates. And my point was that without
knowing how many client machines we're talking about, it is not for us to say
if such a change is simple (or even feasible).
But now we're on the subject, I do believe a problem lies with microsofts'
implementation since I am still having great trouble to convince M$ hosts to
trust my root CA. It imports fine, installs fine and works fine. Then, after
the next reboot everything is gone and we get the Nag-boxes back... :-((
On the other hand I never had any trouble telling mozilla or konqueror they
must henceforth trust my root CA. But windows keeps forgetting it trusts me.
(To be honest, it WOULD be bad judgement for a windows box to trust me... ;-))
Maarten
| < Previous | Next > |