[Pidgin] #15344: Pidgin should optionally remember expired TLS/SSL certificates from servers
Pidgin
trac at pidgin.im
Sat May 18 06:15:31 EDT 2013
#15344: Pidgin should optionally remember expired TLS/SSL certificates from servers
-----------------------------------------------+---------------------------
Reporter: pazpaz | Owner: rekkanoryo
Type: enhancement | Status: new
Milestone: | Component: unclassified
Version: 2.10.6 | Resolution:
Keywords: certificate tls ssl expire dialog |
-----------------------------------------------+---------------------------
Comment (by hobarrera):
Pidgin '''should''':
1) Warn if a certificate has expired, but add a note if the fingerprint
has not changed.
2) Add a larger warning if the fingerprint '''has''' changed.
The rationale behind this is simple:
* If the warning says it has merely expired, anyone attempting to run a
MITM attack will simply have to spoof an expired certificate. If you run
your own server, you know it's safe to just click ''accept'' and have no
need to check the fingerprint.
* A warning should still be shown when it expires, because
''non-techie-users'' should get a security warning. Note that sysadmins
won't bother to revoke compromised expired certificates, so blindly
accepting an expired one may result in accepting a compromised one (and a
potential MITM attack).
--
Ticket URL: <https://developer.pidgin.im/ticket/15344#comment:5>
Pidgin <http://pidgin.im>
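
The two warning levels proposed in the comment above, sketched as an added example (not Pidgin code and not part of the original comment). `PinStore`, `Verdict`, the host name and the byte strings standing in for DER certificates are hypothetical; SHA-256 over the certificate bytes is an assumed fingerprint choice.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from enum import Enum


class Verdict(Enum):
    OK = "valid, fingerprint matches the remembered one"
    UNKNOWN_HOST = "nothing remembered for this host"       # assumption: page does not cover this case
    EXPIRED_SAME_FP = "expired, fingerprint unchanged"      # warning plus reassuring note
    FP_CHANGED = "fingerprint differs from remembered one"  # larger warning


def fingerprint(der: bytes) -> str:
    """Hex SHA-256 digest of the certificate bytes."""
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Remembers one certificate fingerprint per host."""

    def __init__(self):
        self._pins = {}

    def remember(self, host: str, der: bytes) -> None:
        self._pins[host] = fingerprint(der)

    def classify(self, host: str, der: bytes, not_after: datetime, now=None) -> Verdict:
        now = now or datetime.now(timezone.utc)
        pinned = self._pins.get(host)
        if pinned is None:
            return Verdict.UNKNOWN_HOST
        # Compare the fingerprint BEFORE looking at expiry: an expired
        # certificate with a different fingerprint must never be shown
        # as "merely expired".
        if not hmac.compare_digest(pinned, fingerprint(der)):
            return Verdict.FP_CHANGED
        if now > not_after:
            return Verdict.EXPIRED_SAME_FP
        return Verdict.OK


# Constructed sample data: placeholders, not real certificates.
HOST = "xmpp.example.org"
CERT_REMEMBERED = b"constructed-der-bytes-of-remembered-cert"
CERT_OTHER = b"constructed-der-bytes-of-a-different-cert"
NOW = datetime(2013, 5, 18, tzinfo=timezone.utc)
EXPIRED = NOW - timedelta(days=30)
VALID = NOW + timedelta(days=30)
```
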