Re: gpgsm and expired certificates

Thu, 07 Nov 2013 12:02:18 -0800 

>> "MFPA" == MFPA  <expires2...@ymail.com> writes:

Hello

[snip]


   > But all the hordes who use webmail are pretty-much still out of luck,
   > though. (With certain exceptions, such as hushmail.)

Yep, there is penango fore firefox+gmail.


   >> Public
   >> keys are automatically embedded in the signatures.

   > That is simpler and avoids the web-bug-like effect you have if you
   > choose to auto-retrieve OpenPGP keys from keyservers for new contacts.
   > But must waste a lot of bandwidth between regular correspondents.

Well given that a lot of users write emails with html markup, this
really does not bother me.


   >> However thunderbird refuses to use yoru public key
   >> claiming it cannot be trusted.


   > I just searched and found [1] about Thunderbird, which says you can
   > import a copy of other people's self-signed S/MIME certificate from a
   > ".cer" file into your "Authorities" tab. So much for "being easier
   > because keys are automatically embedded in the signatures."

Well I was referring to the following 10 years old bug
https://bugzilla.mozilla.org/show_bug.cgi?id=209182

I have the feeling this is a design decision by  "philosophy":
thunderbird/semonkey don't encourage the use of self-signed certificates
(BTW I just learn that there is a add-on, key-manager which generates
self-signed certificates, similar as it seems to me to the BAT.

At first I thought that I need to use openssl in order to extract your
cert and import in under authorities 
like
openssl pkcs7 -in MFPA.p7 -inform DER -print_certs > out.cert

(Which would be bad, because command line openssl is not what the
average user would call, comfortable and windows users have to install
openssl a part)

However it is not necessary I just export our signature as a pem file
and import in under authorities. Still this is very uncomfortable...

regards

Uwe Brauer 

BTW, I see you switched back to pgp, but why do you use old inline mode
and not pgpmine?

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to