
Re: [Full-disclosure] Mail Insecure TLS Usage For SMTPS



Just FYI, Apple responds to my concerns:

> After examining your report we do not see any actual security implications.  
> Mac OS X can locate missing intermediate certificates by finding them in a 
> keychain or by using the "CA Issuers" field of the "Certificate Authority 
> Information Access" extension in the certificate.  One of these will succeed 
> because your certificate does have the "CA Issuers" field.  Once the 
> intermediate has been found, a complete certificate chain can be built and 
> Mail will accept the certificate as valid.

And, yes, that field really specifies the missing piece in the chain as a URI 
to the PEM-encoded intermediate certificate.

So that's okay then.  And really, quite cool. :-)

Cheers,
Sabahattin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
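
The "CA Issuers" lookup described in Apple's reply, as an added example that is not part of the original post and not Apple's code: a standard-library Python walk over the DER value of an Authority Information Access extension, listing the URIs a chain-building client could fetch a missing intermediate from. The sample bytes, the `tlv` helper and the `example.test` URLs are constructed for illustration.

```python
CA_ISSUERS = "1.3.6.1.5.5.7.48.2"  # id-ad-caIssuers

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content bytes -> dotted string
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def aia_uris(ext_value):
    """Map each accessMethod OID to the URIs listed for it."""
    tag, seq, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("expected a single outer SEQUENCE")
    found, pos = {}, 0
    while pos < len(seq):
        tag, desc, pos = read_tlv(seq, pos)   # one AccessDescription
        otag, oid, p = read_tlv(desc, 0)      # accessMethod
        ltag, loc, _ = read_tlv(desc, p)      # accessLocation
        if tag != 0x30 or otag != 0x06:
            raise ValueError("malformed AccessDescription")
        if ltag == 0x86:  # GeneralName [6]: uniformResourceIdentifier
            found.setdefault(decode_oid(oid), []).append(loc.decode("ascii"))
    return found

def tlv(tag, body):  # builds the constructed sample; short-form lengths only
    return bytes([tag, len(body)]) + body

AD = bytes.fromhex("2b060105050730")  # OID content for 1.3.6.1.5.5.7.48
SAMPLE = tlv(0x30,  # constructed sample, not taken from a real certificate
    tlv(0x30, tlv(0x06, AD + b"\x01") + tlv(0x86, b"http://ocsp.example.test/")) +
    tlv(0x30, tlv(0x06, AD + b"\x02") + tlv(0x86, b"http://ca.example.test/intermediate.crt")))
```

A certificate fetched from such a URI is only a candidate for the chain; the completed chain still has to validate up to a trusted root.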