Certificate and showing a sign-cert not there

Jochen Bern Jochen.Bern at binect.de
Wed Feb 9 08:14:49 UTC 2022


On 09.02.22 02:13, Wayne Spivak wrote:
> The vendor I have, which is having the difficulty is still
> saying he gets a self-signed cert… but as I showed in my
> last email after I added Intermediate to the certificate,
> everything was ok.

"*A* self-signed cert" would match the root cert that your have (had?) 
in your chain, though it would be unusual that *that* would prompt a 
client to complain.

"*Only* a self-signed cert" would likely be some middleboxes' doing. As 
justina pointed out, e-mail systems are still not in the habit of doing 
full verification of certs, so MitM attacks are definitely possible.

[Still vividly remembers finding that a certain camping ground's WiFi 
transparently redirects geusts' SMTP/IMAP to a snooping, SSL-enabled 
server ...]

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220209/cbf3eb6e/attachment.bin>


More information about the dovecot mailing list