Search found 3 matches
- January 15th, 2009, 10:14 am
- Forum: Feature Requests
- Topic: Verification of the NNTP Server's SSL Certificate
- Replies: 4
- Views: 4221
Re: Verification of the NNTP Server's SSL Certificate
Yes, I know Bruce Schneier, but I think your quote doesnt fit properly to our discussion here. The quote simply states that *forging* an SSL certificate (as in the latest attack on MD5 signed certificates of RapidSSL) is not worth the effort because not many client verifies them. So, its a problem o...
- January 15th, 2009, 9:04 am
- Forum: Feature Requests
- Topic: Verification of the NNTP Server's SSL Certificate
- Replies: 4
- Views: 4221
Re: Verification of the NNTP Server's SSL Certificate
Thanx for your quick response. Certificate verification could be optional, of course (so, only when provided). IMHO encryption without authentication is a somewhat half-hearted solution suggesting security where an important part in the chain is missing. I guess, quite some NTTP over SSL users also ...
- January 15th, 2009, 6:15 am
- Forum: Feature Requests
- Topic: Verification of the NNTP Server's SSL Certificate
- Replies: 4
- Views: 4221
Verification of the NNTP Server's SSL Certificate
It would be a very nifty to add the possibility to check the certification of the NNTP Server when communicating via SSL. As you know, encryption without verification of the X.509 certificate doesn't secure you from man-in-the-middle attacks. AFAIK, PyOpenSSL provides methods to verify certificates,...