Re: [Fed-Talk] Unable to verify message signature
Re: [Fed-Talk] Unable to verify message signature
- Subject: Re: [Fed-Talk] Unable to verify message signature
- From: "Shawn A. Geddis" <email@hidden>
- Date: Tue, 4 Dec 2007 11:19:48 -0500
On Dec 3, 2007, at 4:26 PM, Timothy J. Miller wrote:
On Dec 2, 2007, at 3:34 PM, Richard Sperling wrote:
1. The sender’s certificate may have expired.
2. You don’t have a root certificate for the authority used to
sign the sender’s message.
3. The message was modified in transit.
4. You are missing one or both of the X509Anchors or
X509Certificates files from /System/Library/Keychains.
5. The sender's email address does not match the rfc822Name (or
subject DN email component) in the signing certificate.
I do not have problems with digital signatures in Thunderbird.
Note that Mail.app requires that the *local-part* (left side of
the '@') be a *case sensitive* match. This is a strict
interpretation of the RFC that no other mail user agent enforces.
-- Tim
The "Unable to verify message signature" can mean several things as
folks have noted here. Within the message viewer window, you can
click on the "Show Details" button to get further clarification of why
it may be for that particular message.
Also keep in mind that when signed messages are sent thru a Mailing
List Server, that the message is *rewritten* by the server - some List
Servers handle this better than others. This would indeed modify the
original message and therefore be noted in Mail as "Unable to verify
message signature". This is verifying that the sender of the message
(ListServ) is not the original sender who signed the message (Fed-Talk
List member). In this scenario, all the other valuable points noted
above are unfortunately not the issue.
- Shawn
_____________________________________________________
Shawn Geddis Security Consulting Engineer Apple Enterprise
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden