Franck,
Frank Hecker wrote:
Thunderbird works OK with this setup, but as you note there is no way for me to import the root CA certificate for my CA. Thus I have to rely on TB to present the initial cert warning dialog, and then tell it to accept the server certificate. After that everything seems to work OK.
So, how informed is the decision when you make it ? Can you view the cert details before accepting the cert and trusting it ? Or do you have to do it just blindly ?
Not being able to manage certs is certainly an inconvenience, but let me play devil's advocate for a moment: In a real enterprise deployment of Thunderbird it might be better to ship a customized version with pre-loaded certs, as opposed to relying on users to import a corporate root cert. Thus one could make an argument that instead of trying to design and implement Thunderbird UIs for cert management it would be more useful to enterprise customers just to make it as simple as possible to do cert preloading. (When I have some spare time I should seach out the instructions on how to rebuild the relevant NSS library and see if I can do this myself.)
It's often not a practical solution in multi-platform environment to rebuild all the clients with pre-loaded certs. I think the deployment cost is too high, and the corporations will just look elsewhere for apps that have a cert manager.
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
