Comment by ehhthing

Comment by ehhthing 10 months ago

3 replies

View on Hacker News

iOS never supported this configuration regardless, a change in SSL certificate does not cause any kind of notification to the user.

Also, you're basically objecting to the entire idea of PKI for use in IMAP which is incredibly hard to justify. Perhaps you wish to use a different model for your own personal reasons but the default being PKI should not be controversial, and if you want to use your own model you should use a different mail client.

detourdog 10 months ago

It did support it. One had to trust the certificate manually. I gave up on self-signed cents about 6 years ago.

Reply View 2 replies
  • ehhthing 10 months ago

    It supported using self signed certs, but if the server suddenly switched from a self signed to a trusted CA-signed certificate, no prompt would be given. So the idea that self signed certificates are somehow more secure for this specific purpose is incorrect.

    Reply View 1 reply
    • detourdog 10 months ago

      It was a complex Trust relationship and Apple’s it just work was onerous to work around. When security is the top priority I would alway go with self-signed certificates.

      Reply View 0 replies