RE: [Fed-Talk] Change in Cert Validation in 10.6.4?
RE: [Fed-Talk] Change in Cert Validation in 10.6.4?
- Subject: RE: [Fed-Talk] Change in Cert Validation in 10.6.4?
- From: "Miller, Timothy J." <email@hidden>
- Date: Tue, 29 Jun 2010 09:56:30 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Change in Cert Validation in 10.6.4?
>I have reported this as a bug to Apple. I think this is a pretty
>serious problem. As Henry points out, he can read the e-mail, but he is
>completely deprived of the ability to verify the sender. To me, that is
>a security bug, but I don't think that Apple sees it that way. Since
>they fail the validation, they may consider this "safe". However, it
>leads to the exact opposite behavior in users - deciding to trust a
>message anyway because they know the software can't do it for them.
It wouldn't come up in Henry's context if CDSA would build the shortest path to the NASA root instead of trying to cross the bridge. I think it's evidence of a further bug--*this* chain is invalid but a valid chain *does* exist in the certificate store.
-- Tim
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden