Re: [fetchmail-devel] [fetchmail-users] master: TODO.txt

[grarpamp <gra...@gm...>]

> Up front, thanks a bunch for the feedback.  We should move to

BTW, 6.3.26 happens to work here. Now if I could just get --password
before I end up stealing the framework for it from some other option :)

> I am wondering - especially about switching SSL library, too, because
> OpenSSL requires you to jump quite through a few hoops for even standard
> stuff, like CRLs and OCSP.

Don't know much there, not really a programmer that way. Haven't
got around to trying the GNUTLS binary cert tools yet either.
https://en.wikipedia.org/wiki/Comparison_of_TLS_Implementations

> to have someone willing to tell users in the fetchmail lobby how to make

I'm hoping to search out some overall cert security docs online for
this someday. They'd be far better and easier to point to.

> The missing link is that you hardly ever get the certificate
> fingerprints on the "how to configure Outlook, blahmail, whatever for
> fetching mail from us" on the ISP help pages, or even better, by snail
> mail when they send you account data.

I do see some that show GUI pics and so forth, though they're
usually related to accepting a self-signed or intermediate cert.
There are often some short blog style posts if you search out some
problematic FP you're dealing with. I'll be testing pinning with Firefox
then Thunderbird sometime this year. Maybe the world will come
up with a better cert scheme in a few years.