Ralf Mollik wrote: > ... is it possible to import a certificate from a signed message ...
... into the cert manager?
I think it has been possible in a previous version - but with Moz. 1.5 / 1.6b it is no more ( or I am blind )...
Ralf,
Some certs are limited in their use to be only for signing, not encryption. Other certs are limited to be used only for encryption, not signing. And others may be used for both.
There's no need to store other people's signature-only certs in moz's DB, since there will be a copy of the relevant signing certs attached to any signed email. The only certs that need to be stored are encryption certs.
moz used to automatically store a copy of all certs it received in emails, regardless of whether they were or were not useful for encryption, and mozilla would store certs with invalid signatures, or signed by untrusted CAs, etc. That was bad becase an bad cert could "poison" the cert store.
So, now mozilla only stores other people's certs that (a) are valid for encryption, and (b) were issued by valid CAs. It does this automatically.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
