#3916: Mutt 1.8: TOFU approach bails out on first fail or reject, not offering
higher links of the cert' chain
--------------------------+----------------------
  Reporter:  kratem32     |      Owner:  mutt-dev
      Type:  enhancement  |     Status:  new
  Priority:  minor        |  Milestone:  1.8
 Component:  crypto       |    Version:
Resolution:               |   Keywords:  tofu
--------------------------+----------------------
Comment (by kempniu):
My initial thought was also to introduce a prompt option to skip through
any certificate in the chain except the leaf. As you already found out,
this does not really bring any value because the next time you connect
Mutt will have no idea that you skipped some certificates upon a previous
connection attempt. For that to be possible, skipped certificates would
have to be stored somewhere, which IMHO is completely not worth the
trouble if you consider the arguable increase in security it brings.
However, Kevin's "auto skip" option idea sounds like a better approach,
though "only check host certificate" would perhaps be a more
intuitive name. I will be happy to work on this, but likely not until the
middle of the week due to other commitments.
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3916#comment:28>
Mutt <http://www.mutt.org/>
The Mutt mail user agent