> > However, I've been told that the Certificate Authorities system is > fundamentally flawed, in the sense that CAs don't communicate with each > other, any of them can sign for any domain name, and I've been told some > CAs are quite un-trustworthy. This is a scary prospect.
Are you saying that a trusted CA might sign an SSL certificate for a domain that the requester doesn't own. I find that surprising. The whole point of the trusted CA system is that you *can* trust them to do the correct thing - and the correct thing is for them to verify that you have the right to request a signed certificate for a particular domain. > > Now, I never had to "accept" the certificate for Google to use GMail > through IMAP. To be honest, I would have expected some sort of prompt > that says, "Hey, this is the first time you're connecting to that > host... are you certain that you are on a trusted network connection and > the host you are connecting to is really the one it claims to be?"... No, the point of the trusted CA system is that you aren't presented with those sorts of prompts. If you are concerned about this, remove the trusted CA certificates from your system, you will then be asked to verify every new certificate your machine comes across. > > My question is thus the following: if the user is not the one manually > vetting the certificates, what happens when someone tries to do a > man-in-the-middle attack (ie: you're on an untrusted wifi, someone tries > to impersonate the GMail IMAP servers and provide a valid, signed > certificate that is different from Google's)? That requires the attacker to have a valid signed certificate, signed by a trusted CA, for Google's servers > > Will the user get (I hope) a big scary "SOMETHING IS VERY WRONG" warning > like SSH does when server fingerprints don't match? No, if the certificate seen by the underlying SSL mechanism is trusted, then you will not get any warnings ... because it's trusted. > > I'm of course not a security expert, but would like some reassurance > that Evolution is actually safe against this scenario. Evolution uses the same underlying SSL subsystem that the rest of your machine uses, so it is as safe as, say, the https protocol - and I suspect you put considerably more trust in that than you do in an encrypted IMAP connection. P. _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
