Good morning! I am using Mutt (1.5.21 from Debian wheezy package 1.5.21-6.2+deb7u1) to access an IMAP server using an "imaps"-URL. That particular server is presenting a self-signed SSL certificate of which a copy is stored in "~/.mutt_certificates". A while ago, the certificate expired and Mutt started prompting me for "(r)eject, accept (o)nce" -- so far, so good.
The server admin generated a new self-signed certificate and installed it, and what surprised me was that Mutt immediately accepted the new certificate without prompting me. (I had expected to be asked "(r)eject, accept (o)nce, (a)ccept always", verify the fingerprint, then choose "a".) It took me a while to figure out that this behaviour probably was to be expected, because the new certificate was issued by the same issuer as the old certificate (same name, same key), and Mutt trusts the old certificate (in local storage) for use as a CA certificate.

However, I am now wondering whether the observed behaviour really is intended. Let's assume that the server admin does generate a new key for each new self-signed certificate and the old key is not supposed to be ever used again. What happens if the old key gets stolen or lost a few years later (think: hard drive with backup ends up on eBay)? Anybody could generate a new self-signed certificate and become a man-in-the-middle without me ever noticing.

Should I regularly remove all expired certificates from "~/.mutt_certificates"? Should Mutt ignore all such certificates (or prompt for acceptance each time such a certificate becomes part of a verification chain)?

Assuming my understanding of the "accept locally stored certificates as CA certificate"-feature is correct, a related question: Can I ask Mutt to never accept a locally stored certificate as a signing certificate? (I don't trust that server admin, but he could use the self-signed certificate (which I have to trust) to issue a certificate for some other subject, and Mutt would trust it, correct?)

If I can't, would my best choice currently be to only add certificates issued by really trustworthy people to "~/.mutt_certificates", and to manually verify the fingerprint on each other connection? (Hm, using a specific "mutt_certificates" file per server would also help, I guess.)

Thanks in advance,
Marcus

--
Marcus C. Gottwald · <m...@cheers.de> · https://cheers.de
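
An added example, not part of the original post: one way to find the stored certificates the question about pruning "~/.mutt_certificates" refers to. It assumes the file holds PEM blocks (other lines are ignored) and that the openssl CLI is installed; the function name audit_mutt_certs and the REVIEW/ok labels are made up for this sketch.

```shell
#!/bin/sh
# Added example (not Mutt's own tooling): list every PEM certificate stored in
# a Mutt certificate file and mark those that are expired, or that expire
# within a given number of seconds, so they can be reviewed and removed.
# Assumption: certificates are stored as PEM blocks; all other lines are skipped.

audit_mutt_certs() {
    file=${1:-$HOME/.mutt_certificates}
    window=${2:-0}                 # 0 = flag only certificates already expired
    tmpdir=$(mktemp -d) || return 2

    # Split the bundle into one file per BEGIN/END CERTIFICATE block.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n); inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    ' "$file"

    for pem in "$tmpdir"/cert*.pem; do
        [ -e "$pem" ] || continue
        # -checkend exits 0 if the certificate is still valid after $window seconds.
        if openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
            status=ok
        else
            status=REVIEW
        fi
        enddate=$(openssl x509 -in "$pem" -noout -enddate)
        subject=$(openssl x509 -in "$pem" -noout -subject)
        fpr=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
        # One line per stored certificate: status, expiry, subject, fingerprint.
        printf '%s | %s | %s | %s\n' "$status" "$enddate" "$subject" "$fpr"
    done
    rm -rf "$tmpdir"
}

# When run as a script: audit_mutt_certs [file] [seconds]
if [ "$#" -gt 0 ]; then audit_mutt_certs "$@"; fi
```

The printed SHA-256 fingerprint identifies which block to delete from the file by hand; the script itself changes nothing.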