Re: Mail Insecure TLS Usage For SMTPS

[Sabahattin Gucukoglu <mail () sabahattin-gucukoglu com>]

Just FYI, Apple responds to my concerns:

> After examining your report we do not see any actual security implications.  Mac OS X can locate missing intermediate 
> certificates by finding them in a keychain or by using the "CA Issuers" field of the "Certificate Authority 
> Information Access" extension in the certificate.  One of these will succeed because your certificate does have the 
> "CA Issuers" field.  Once the intermediate has been found, a complete certificate chain can be built and Mail will 
> accept the certificate as valid.

And, yes, that field really specifies the missing piece in the chain as a URI to the PEM-encoded intermediate 
certificate.

So that's okay then.  And really, quite cool. :-)

Cheers,
Sabahattin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/