[Pidgin] #6680: Offline Message Error - rsi.hotmail.com
Pidgin
trac at pidgin.im
Thu Oct 23 12:58:11 EDT 2008
#6680: Offline Message Error - rsi.hotmail.com
-------------------------------------------------------------------------------------+
Reporter: aliam13_2 | Owner: khc
Type: defect | Status: new
Milestone: | Component: MSN
Version: 2.5.1 | Resolution:
Keywords: rsi.hotmail.com Offline Message Invalid certificate authority signature |
-------------------------------------------------------------------------------------+
Comment(by gagern):
https://www.cynops.de/techzone/http_over_x509.html indicates a security
issue with caIssuers, although it's most pronounced in a reverse scenario
with clients sending forged certs to trick servers into fetching arbitrary
URLs. Assuming rsi.hotmail.com has no undue interest in having its clients
open any URLs, exploiting this in a theoretical Pidgin setup would involve
DNS spoofing as well.
Nevertheless, the existence of this security issue might be a valid point for
library developers not to implement this feature, and perhaps also a good
reason when trying to get Microsoft to have their server send the whole
chain itself.
--
Ticket URL: <http://developer.pidgin.im/ticket/6680#comment:20>
Pidgin <http://pidgin.im>
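
Added example, not part of the ticket comment or of Pidgin's code: a pre-fetch gate that a library following caIssuers could apply to a URL taken from a certificate that has not been verified yet. The function name, the policy (plain HTTP, port 80, public DNS names only, optional allow-list) and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy for this example: plain HTTP on the default port only.
ALLOWED_SCHEMES = {"http"}
ALLOWED_PORTS = {None, 80}

def check_caissuers_url(url, allowed_hosts=None):
    """Return (ok, reason) for a caIssuers URL from an unverified certificate."""
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        return False, "IP literal host"
    except ValueError:
        pass                       # not an IP literal, keep checking the name
    labels = host.split(".")
    # Deliberately strict: single-label names and numeric-looking last labels
    # (e.g. "intranet", "0x7f.1") are refused; this also refuses punycode TLDs.
    if len(labels) < 2 or not labels[-1].isalpha():
        return False, "not a public DNS name"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, "host not on allow-list"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real certificate.
    for u in ["http://ca.example.test/issuer.crt", "file:///etc/passwd",
              "http://127.0.0.1/ca.crt", "http://intranet/ca.crt",
              "http://ca.example.test:8080/issuer.crt"]:
        print(u, check_caissuers_url(u))
```

A URL that passes this gate can still resolve to an unintended address (the DNS spoofing case mentioned in the comment), so the resolved address needs its own check at connect time. Whatever is fetched is only a candidate issuer and still has to chain to a configured trust anchor.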