On Sun, 24 Mar 2013 01:41:34 -0400, Daniel Kahn Gillmor wrote:
i think you should have the remote server's certificate loaded in your "Servers" tab, not in your "Authorities" tab.
Perhaps my phrasing was not quite clear, but the remote server's certificate was NOT loaded into the Authorities section -- I wanted to avoid the need to load the server's certificate at all. I meant to convey that a self-signed Certificate Authority (CA) signed the server's certificate. It was the self-signed Certificate Authority's certificate that was loaded into the "Authorities" section (i.e. root key store) of Icedove. That CA has signed multiple certificates used in various places. The key material for the Certificate Authority is well guarded.
I'll admit my knowledge of Public Key Infrastructure policies and procedures is weak. But it is my understanding that other organizations, such as MIT, do exactly what I have described above. If what I have described entails undue security risk, please advise.
Many thanks, Phil -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
