Comment by nerdile

Comment by nerdile 2 days ago

So in summary: iOS used to accept untrusted certificates, yikes! Now, it validates the server cert, and people are upset? This blatantly insecure thing is broken now and the posters don't want to set it up securely?

It seems like these people are just struggling with how to properly set up their email server and clients when using a private CA. If you're going to use your own CA, then configure your client to trust it. The rest of us should be able to enjoy secure defaults and not have to worry about our less informed family members being tricked into bypassing basic security protections like TLS validation.

mmd45 2 days ago

bad summary. it prompted you to accept the certificate upon first use and then pinned it which is far different than what you are describing in terms of security implications.

Reply View 2 replies

nerdile a day ago

TOFU for invalid/untrusted certificates is the equivalent of "go there anyway" in a browser Very different than explicitly trusting a Private CA. It means that skilled attackers can rely on unskilled users clicking the "trust me, it's fine" button. All so that someone skilled enough to set up their own email server and certificates doesn't have to configure their system securely?
This is about making bad things harder for unskilled users at the cost of raising the standard for service providers. If you can set up an email server, you can use easyrsa or step-ca or some manual openssl to create your own root CA. Or, register your self-signed email server as a trusted root CA.
Personally, I use easyrsa for my internal CA (with domain path constraints because I'm paranoid) and letsencrypt for my mail server, but I require VPN access to the user ports on the mail server.

Reply View | 1 reply
- mmd45 a day ago
  
  you are assuming i have users and this is a mail server not a website which has a very different access pattern more analogous to ssh where TOFU works beautifully.
  
  Reply View | 0 replies