😂Irony… Sweet irony… (attached/embedded)
Actually, no – it’s an excellent example of “close, but no cigar” for Apple Mail. Things done “almost” right.
It *correctly* stated that in your trust model, the signing certificate chain is not acceptable because you do not trust the root CA/issuer. Therefore, it cannot tell who the sender was.
It *incorrectly* stated that it cannot verify the signature (itself).
It *should’ve* stated that based on the signature this message hasn’t (or has been?) tampered with, but it cannot ascertain the identity of the sender.
The error message it gave is misleading – there’s no problem “reading” the signature, there’s a problem validating the certificate chain.
On Apr 25, 2017, at 10:13 AM, Blumenthal, Uri - 0553 - MITLL <email@hidden> wrote:
The issue is - what our who is the primary subject that the certificate "certifies", what are the other attributes, and whether they are all equally important from validation point of view (I claim they're not).