• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] Root Cert on MacBookPro Question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] Root Cert on MacBookPro Question

  • Subject: Re: [Fed-Talk] Root Cert on MacBookPro Question
  • From: "Timothy J. Miller" <email@hidden>
  • Date: Mon, 28 Dec 2009 12:46:12 -0600
Peter Link wrote:

It's funny you should reply to this email thread since your email comes across with an untrusted rootCA.

Of course it does. I sign with my MITRE cert because the vast majority of email I send from this account is to MITRE people. The fact that I neglect to *uncheck* signing when sending to the list is more my problem than yours. :)

As far as David's comment about not being able to send a return encrypted email, that doesn't surprise me since our DOE Entrust certificates are split so the recipient doesn't necessarily (always) get the encipherment certificate with every signed email.

Actually, most popular mail clients track key usage bits and will send encryption certs if a signing-only cert is used when signing. These same clients are smart enough to reap both certs from incoming email and save them for use with outgoing messages.

This is written into S/MIME because S/MIME presumes that only email is available for cert discovery as a default operating principal.

David's problem is much more likely to be the result of Mail.app's documented problem of not recognizing that he *does* have the proper recipient certificates because of the way the client matches certs to recipients.

> Does this
mean PKI isn't ready for combat, it just means some organizations implemented some weird configurations awhile ago and haven't fixed them. Change, especially in the government, is next to impossible.

IMHO, all the problem David has means is that there is indeed such a thing as being "too strict" when implementing a standard.

-- Tim


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: [Fed-Talk] Root Cert on MacBookPro Question (From: David Emery <email@hidden>)
 >Re: [Fed-Talk] Root Cert on MacBookPro Question (From: "Timothy J. Miller" <email@hidden>)
 >Re: [Fed-Talk] Root Cert on MacBookPro Question (From: Peter Link <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Root Cert on MacBookPro Question
  • Next by Date: Re: [Fed-Talk] Root Cert on MacBookPro Question
  • Previous by thread: Re: [Fed-Talk] Root Cert on MacBookPro Question
  • Next by thread: [Fed-Talk] Wayne Rice/AHFO/CO/BLM/DOI is currently out of the office.
  • Index(es):
    • Date
    • Thread