Re: [Fed-Talk] Leopard Mail, Address Book, Key Chain Access interactions for X.509 certificates
- Subject: Re: [Fed-Talk] Leopard Mail, Address Book, Key Chain Access interactions for X.509 certificates
- From: Timothy J Miller <email@hidden>
- Date: Thu, 15 May 2008 12:49:57 -0500
On May 15, 2008, at 12:23 PM, Paul Derby wrote:

> Keychain Access has both certificates, and it makes no sense to
> throw away the old certificate unless you want to lose the ability
> to validate signatures done with the expired certificate for older
> email.

Yes, you can. Signed objects almost invariably have the cert with
them; you don't need a copy of your own to validate a signature.

PKCS#7 and CMS, which are used as the signing format for just about
everything except XML signing, *do* make including the cert
optional, but it's almost never done precisely because it saves the
validator the trouble of *finding* the cert. I know of no S/MIME mail
client that exercises this option.

-- Tim
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
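
Added example (not part of the original message): an OpenSSL shell session illustrating the point made in the reply. It signs a constructed message with a throwaway self-signed certificate, once with the signer certificate embedded and once with `-nocerts`, then verifies both; the file names, helper functions and signer are assumptions made for the demo.

```bash
#!/usr/bin/env bash
# Added example: throwaway self-signed signer, constructed for this demo.
# File names and helper function names are assumptions, not from the post.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Signer" \
    -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null
printf 'constructed message body\n' > "$work/msg.txt"

# sign_msg OUT [extra openssl flags]: detached CMS SignedData over msg.txt
sign_msg() {
    local out=$1; shift
    openssl cms -sign -binary -in "$work/msg.txt" -signer "$work/cert.pem" \
        -inkey "$work/key.pem" -outform DER -out "$out" "$@"
}

# embedded_certs SIG: number of certificates carried inside the SignedData
embedded_certs() {
    openssl pkcs7 -inform DER -in "$1" -print_certs | grep -c '^subject=' || true
}

# verify_msg SIG [extra flags]: signature check plus chain validation against
# the trust anchor; the anchor store is not searched for the signer cert.
verify_msg() {
    local sig=$1; shift
    openssl cms -verify -binary -inform DER -in "$sig" -content "$work/msg.txt" \
        -CAfile "$work/cert.pem" -out /dev/null "$@" 2>/dev/null
}

sign_msg "$work/with.p7s"               # default: signer cert included
sign_msg "$work/without.p7s" -nocerts   # the optional omission

echo "with cert:    $(embedded_certs "$work/with.p7s") embedded"
echo "without cert: $(embedded_certs "$work/without.p7s") embedded"
verify_msg "$work/with.p7s" && echo "with.p7s verifies from its embedded cert"
verify_msg "$work/without.p7s" || echo "without.p7s: signer certificate not found"
verify_msg "$work/without.p7s" -certfile "$work/cert.pem" \
    && echo "without.p7s verifies once the cert is supplied out of band"
```

In both cases trust still comes from `-CAfile`; the embedded certificate only spares the verifier the lookup, it does not make the signer trusted.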