security question on MSN issue (your ticket 8175)

Ethan Blanton elb at pidgin.im
Mon Jan 26 11:59:21 EST 2009


Rodney Thayer spake unto us the following wisdom:
> I'm researching the cert glitch you describe as ticket 8175 (the
> contacts.msn.com thing.)  To me this looked like an issue because
> the EV sub-root isn't in your root store.  You don't seem to be
> describing it that way. If you want to chat about this issue I'd
> be interested.  I've got background in the SSL implementation
> world.

You are correct, the problem is that Microsoft is not providing the
full certificate chain, and the signing cert above the last they
provide is not shipped by Pidgin.  (I'm not sure if any Linux
distributions are shipping it or not.)

> P.s. I found a bunch of cert glitches when investigating this.  I'll
> send you a write-up.

Appreciated.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/support/attachments/20090126/fdca02de/attachment.sig>


More information about the Support mailing list