fetchmail-friends

[fetchmail] [Guillem Cantallops Ramis <guillem(_at_)galadriel>] Bug#181157: fetchmail: ssl server key fingerprint "learning", ssh style?

2003-02-25 03:25:15

Hi friends,

here is a wishlist request from a Debian user.  I do not personally
have time enough to hack this, but you might find this idea
interesting.

Cheers,
Benjamin

--- Begin Message ---
Package: fetchmail
Version: 6.2.1-1
Severity: wishlist


When you connect to a "new" (not previously seen) server with ssh it
reads you its key fingerprint, and if you trust it, the key is stored in
a "known hosts" file. In future connections the server's key is checked
against the stored key, and a big warning is printed if the key fails
this test.

Now, with self-signed ssl certificates I follow a pretty similar process
with fetchmail, but I do it by hand: I run fetchmail for the first
connection in verbose mode, cut the fingerprint, and paste it into my
fetchmailrc with the keyword sslfingerprint. If there is no man-in-the-
middle attack this first time, I'm pretty safe.

I'm not sure about the best way to implement the ssh "key learning" in
fetchmail for ssl keys, because it's not so "interactive" as ssh, but I
think it would be nice :-)

Thanks!


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux galadriel 2.4.20-ck3 #1 Tue Feb 11 20:33:56 CET 2003 i686
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set)

Versions of packages fetchmail depends on:
ii  adduser                       3.49       Add and remove users and groups
ii  base-files                    3.0.8      Debian base system miscellaneous f
ii  debconf                       1.2.24     Debian configuration management sy
ii  debianutils                   2.2.4      Miscellaneous utilities specific t
ii  libc6                         2.3.1-11   GNU C Library: Shared libraries an
ii  libssl0.9.7                   0.9.7-4    SSL shared libraries

-- debconf information:
* fetchmail/initdefaultswarn: 
* fetchmail/runasroot: false
* fetchmail/confwarn: 
  fetchmail/fetchidswarn: 
* fetchmail/systemwide: true





--- End Message ---


-- 
  .''`.
 ; ;' ;      Debian GNU/Linux     |   Benjamin Drieu
 `. `'    http://www.debian.org/  |  <benj(_at_)debian(_dot_)org>
   `-    
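
The ssh-style "learning" requested above, sketched as an added example; it is not part of the original message and not fetchmail code. The function names, the JSON store and the SHA-256 colon-hex fingerprint format are assumptions. An explicit learn flag stands in for ssh's interactive prompt, so an unattended run never trusts a new key on its own.

```python
import hashlib
import json
import os


def fingerprint(der_cert: bytes) -> str:
    """Colon-separated uppercase hex SHA-256 of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_or_learn(store_path, host, port, der_cert, learn=False):
    """Return 'match', 'learned', 'unknown' or 'MISMATCH' for this server.

    der_cert is the server certificate as bytes, e.g. what Python's
    ssl.SSLSocket.getpeercert(binary_form=True) returns after a handshake.
    """
    key = f"{host}:{port}"
    try:
        with open(store_path) as fh:
            known = json.load(fh)
    except FileNotFoundError:
        known = {}
    seen = fingerprint(der_cert)
    pinned = known.get(key)
    if pinned is not None:
        # A changed key is never re-learned silently, even with learn=True:
        # the operator has to remove the old entry by hand, as with ssh.
        return "match" if pinned == seen else "MISMATCH"
    if not learn:
        # Unattended (daemon/cron) run: refuse instead of trusting blindly.
        return "unknown"
    known[key] = seen
    # Write the store atomically and readable by the owner only.
    tmp = store_path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(known, fh, indent=1)
    os.replace(tmp, store_path)
    return "learned"


if __name__ == "__main__":
    import tempfile
    store = os.path.join(tempfile.mkdtemp(), "known_fingerprints.json")
    cert_a = b"constructed sample certificate A"  # constructed, not real DER
    cert_b = b"constructed sample certificate B"  # constructed, not real DER
    print(check_or_learn(store, "mail.example.org", 995, cert_a, learn=True))
    print(check_or_learn(store, "mail.example.org", 995, cert_a))
    print(check_or_learn(store, "mail.example.org", 995, cert_b))
```

As with the manual procedure in the message, the learned value is only as trustworthy as the first connection.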