Re: [Fed-Talk] Root Cert on MacBookPro Question
- Subject: Re: [Fed-Talk] Root Cert on MacBookPro Question
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 28 Dec 2009 12:46:12 -0600
Peter Link wrote:
> It's funny you should reply to this email thread since your email
> comes across with an untrusted rootCA.
Of course it does. I sign with my MITRE cert because the vast majority
of email I send from this account is to MITRE people. The fact that I
neglect to *uncheck* signing when sending to the list is more my problem
than yours. :)
> As far as David's comment about not being able to send a return
> encrypted email, that doesn't surprise me since our DOE Entrust
> certificates are split so the recipient doesn't necessarily (always)
> get the encipherment certificate with every signed email.
Actually, most popular mail clients track key usage bits and will send
encryption certs if a signing-only cert is used when signing. These
same clients are smart enough to reap both certs from incoming email and
save them for use with outgoing messages.
This is written into S/MIME because S/MIME presumes that only email is
available for cert discovery as a default operating principle.
David's problem is much more likely to be the result of Mail.app's
documented problem of not recognizing that he *does* have the proper
recipient certificates because of the way the client matches certs to
recipients.
> Does this mean PKI isn't ready for combat, it just means some
> organizations implemented some weird configurations a while ago and
> haven't fixed them. Change, especially in the government, is next to
> impossible.
IMHO, all the problem David has means is that there is indeed such a
thing as being "too strict" when implementing a standard.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
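
Added example (not part of the original message, and not code from any mail client): a sketch of the key-usage tracking described above, where a client reads the keyUsage bits of each certificate carried in a signed message and files signing and encryption certs separately per sender. The cert labels, addresses, store layout and the lowercase address matching are assumptions made for this illustration; the bit positions are those of the RFC 5280 KeyUsage extension.

```python
# Added example: not code from the thread or from any mail client.
# RFC 5280 KeyUsage bit positions (bit 0 is the most significant bit).
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]

def parse_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (the keyUsage extension value) into names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def harvest(store: dict, sender: str, certs: list) -> None:
    """File each cert carried in a signed message under the sender's address."""
    # Lowercasing the address is this example's matching rule (an assumption).
    entry = store.setdefault(sender.lower(), {"sign": None, "encrypt": None})
    for label, ku_der in certs:
        usage = parse_key_usage(ku_der)
        if usage & {"digitalSignature", "nonRepudiation"}:
            entry["sign"] = label
        if usage & {"keyEncipherment", "keyAgreement"}:
            entry["encrypt"] = label

def encryption_cert_for(store: dict, recipient: str):
    """Return the cert to encrypt to, or None if only a signing cert is known."""
    return store.get(recipient.lower(), {}).get("encrypt")

# Constructed sample data: labels, addresses and keyUsage values are made up.
SIGN_ONLY = bytes.fromhex("030206c0")   # digitalSignature + nonRepudiation
ENC_ONLY = bytes.fromhex("03020520")    # keyEncipherment
store = {}
# Message 1: split-key sender whose client attached both certs.
harvest(store, "alice@example.org", [("alice-sign", SIGN_ONLY), ("alice-enc", ENC_ONLY)])
# Message 2: split-key sender, signing cert only (the case quoted above).
harvest(store, "Bob@example.org", [("bob-sign", SIGN_ONLY)])
```

With this sample data a reply to alice can be encrypted, while a reply to bob cannot until a message carrying his encipherment cert has been seen.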