Re: [Fed-Talk] CAC Patch 1.2 help requested

Subject: Re: [Fed-Talk] CAC Patch 1.2 help requested

From: "Stephen Bowman" <email@hidden>

Date: Fri, 10 Oct 2008 09:17:32 -0400

Delivered-to: email@hidden

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=tp9fSDl4Vlp/n1Cq5Q/vdvMrXTOdmc3rTwuBS461SLI=; b=MmvNut5b3XZBMehaQMidqm2AXOn81F3uFMoXRnPttxcoyP4Gd0+xOE41rCJ3TZH0Yr IPCPhBBMPFssCJbFEd0vy9HFBMidQpDXmncn59Ho67LY/X8GKW7NpHa157oRj41nDhXm UOfkFYFlYNgLnLsup2pAkb7uVdRYai6a+KNXU=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=iZLvhAhKefFZgYu+oSfkDv25yjhZW/4CsQx65CuyyPf7Ic+P69ADPuWqaN8n5k3+x5 iHQVG7DrvZP3Gft4VDzqmgET1RXOrRDQE/BwuXKBZsAHdPbloD3doEBG9g1xlzZ18m3x RmZ6uBCkiQQa6elZDUDiN9uwVsdph38rEz2i0=

On Fri, Oct 10, 2008 at 8:56 AM, Timothy J. Miller <email@hidden> wrote:

Stephen Bowman wrote:

Second, the email address in each recipient's certificate must match
the email address in the To:/CC:/BCC: line. In addition, the case
must match for the username portion (i.e., email@hidden
<mailto:email@hidden> does not match email@hidden <mailto:email@hidden>,
but email@hidden <mailto:email@hidden> *does* match email@hidden
<mailto:email@hidden>). The reason for this is buried deep in

RFC2822. It's annoying, but technically is correct behavior.

Third, *you* are always an unstated recipient of every mail you
send, so the second point applies to your own email address and
certificate as well.

Wouldn't be able to digitally sign if any of this were incorrect, right?

Address matching only applies to your own certificate when sending a signed message. If you can sign, your cert & mail config is fine.

If you can't encrypt, then it's one of the other recipients.

The certificates were valid, in my login keychain, with the email address *exactly* matching the recipients in all variations I tried. I tried to send encrypted mail to literally all 30 people whom I have certificates for. Never would the lock be anything but greyed out until my own certificates were in the login keychain. Now, it all just works. And this was on a *clean* (from scratch) install of leopard. I sent a message to the list about this a month or so ago.

-Stephen

_______________________________________________ Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/fed-talk/email@hidden This email sent to email@hidden

References:
	>Re: [Fed-Talk] CAC Patch 1.2 help requested (From: Gregory Adair <email@hidden>)
	>Re: [Fed-Talk] CAC Patch 1.2 help requested (From: "Timothy J. Miller" <email@hidden>)
	>Re: [Fed-Talk] CAC Patch 1.2 help requested (From: "Stephen Bowman" <email@hidden>)
	>Re: [Fed-Talk] CAC Patch 1.2 help requested (From: "Timothy J. Miller" <email@hidden>)