Re: [SLUG] Webmail and self signed SSL certificate

From: Douglas Koobs (dkoobs@dkoobs.com)
Date: Wed Jan 28 2004 - 11:38:07 EST


Eben King said:
<snip>
> Yes. IMO it's better not to use a certificate at all in this case, to
> avoid the hassle and confusion of them clicking "OK".

But then their ID, password, and all communications from the client to the
server are plaintext. And, once the certificate is installed on the
browser, they no longer get prompted to approve the certificate.

I guess the only part that truly needs to be encrypted for my purposes is
the password, since the emails to other domains are going to be sent clear
text via SMTP over the Internet. There is a SquirrelMail plugin to do
this. It forces logins to use https, but after successful login it uses
http.

Doug
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:32:23 EDT