Re: [Fed-Talk] CAC Patch 1.2 help requested
Re: [Fed-Talk] CAC Patch 1.2 help requested
- Subject: Re: [Fed-Talk] CAC Patch 1.2 help requested
- From: "Stephen Bowman" <email@hidden>
- Date: Fri, 10 Oct 2008 09:17:32 -0400
On Fri, Oct 10, 2008 at 8:56 AM, Timothy J. Miller
<email@hidden> wrote:
Stephen Bowman wrote:
Second, the email address in each recipient's certificate must match
the email address in the To:/CC:/BCC: line. In addition, the case
must match for the username portion (i.e.,
email@hidden
<mailto:email@hidden> does not match email@hidden <mailto:email@hidden>,
but email@hidden <mailto:email@hidden> *does* match email@hidden
<mailto:email@hidden>). The reason for this is buried deep in
RFC2822. It's annoying, but technically is correct behavior.
Third, *you* are always an unstated recipient of every mail you
send, so the second point applies to your own email address and
certificate as well.
Wouldn't be able to digitally sign if any of this were incorrect, right?
Address matching only applies to your own certificate when sending a signed message. If you can sign, your cert & mail config is fine.
If you can't encrypt, then it's one of the other recipients.
The certificates were valid, in my login keychain, with the email address *exactly* matching the recipients in all variations I tried. I tried to send encrypted mail to literally all 30 people whom I have certificates for. Never would the lock be anything but greyed out until my own certificates were in the login keychain. Now, it all just works. And this was on a *clean* (from scratch) install of leopard. I sent a message to the list about this a month or so ago.
-Stephen
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden