Re: [Fed-Talk] CAC Patch 1.2 help requested
- Subject: Re: [Fed-Talk] CAC Patch 1.2 help requested
- From: "Stephen Bowman" <email@hidden>
- Date: Fri, 10 Oct 2008 08:48:56 -0400
On Fri, Oct 10, 2008 at 8:43 AM, Timothy J. Miller
<email@hidden> wrote:
Gregory Adair wrote:
Glad you mentioned this, because I haven't seen it mentioned anywhere else. Several of us here at my command are unable to encrypt messages using our PKI certs. The problem is occurring on machines from 10.5.2 up to those running 10.5.5 with the 1.2 patch installed, and others in between. We are all able to digitally sign, send, and receive messages, but like Ben stated, the padlock is greyed out and unusable. Has anyone else had this problem? Maybe it's just us, or maybe not many folks have been encrypting messages to see the problem, because I haven't seen a lot of chatter on this list about it. All, please take a look and give it a try. I see this as a pretty big thing that needs fixing. Thank you.
First, you need the *recipient's* certificates in your keychain to send encrypted email.
Yep -- very well known. Even replying to an incoming message that was signed by the sender would only allow a digitally signed response; the lock was always 'greyed out' until my own certificates were in the login keychain.
Second, the email address in each recipient's certificate must match the email address in the To:/CC:/BCC: line. In addition, the case must match for the username portion (i.e., email@hidden does not match email@hidden, but email@hidden *does* match email@hidden). The reason for this is buried deep in RFC2822. It's annoying, but technically is correct behavior.
Third, *you* are always an unstated recipient of every mail you send, so the second point applies to your own email address and certificate as well.
Wouldn't be able to digitally sign if any of this were incorrect, right?
-- Tim
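
The three conditions listed in the quoted reply, written out as a troubleshooting check. This is an added example, not part of the original thread and not Mail's own code; the function names and addresses are constructed, and it assumes the domain part compares case-insensitively while the username part is case-sensitive.

```python
# Added example: models the matching rule described in the thread.
# All addresses below are constructed sample data.

def split_addr(addr):
    """Split an addr-spec into (local part, lower-cased domain)."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {addr!r}")
    return local, domain.lower()

def addr_matches(cert_email, header_email):
    """Local part must match exactly; domain is compared case-insensitively."""
    return split_addr(cert_email) == split_addr(header_email)

def encryption_blockers(sender, recipients, cert_emails):
    """Return {address: reason} for each party that would prevent encryption.

    The sender is checked too, because the sender is always an unstated
    recipient of every message sent.
    """
    blockers = {}
    for addr in [sender, *recipients]:
        if any(addr_matches(c, addr) for c in cert_emails):
            continue
        local, domain = split_addr(addr)
        # Look for a certificate that differs only in username case.
        near = [c for c in cert_emails
                if split_addr(c)[1] == domain
                and split_addr(c)[0].lower() == local.lower()]
        if near:
            blockers[addr] = f"case mismatch with certificate address {near[0]}"
        else:
            blockers[addr] = "no certificate for this address"
    return blockers

# Constructed keychain contents: email addresses found in stored certificates.
KEYCHAIN = ["John.Doe@example.com", "jane.roe@EXAMPLE.com"]

if __name__ == "__main__":
    report = encryption_blockers(
        sender="john.doe@example.com",
        recipients=["jane.roe@example.com", "sam.poe@example.com"],
        cert_emails=KEYCHAIN,
    )
    for addr, reason in report.items():
        print(f"{addr}: {reason}")
```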