Ian G wrote:
Hmm, ok, well I suppose that's true as an assumption,
and looking at Account / Settings ... the cert that
is now selected to sign for this email address is
*not* for this email address. This may explain why
it didn't in the end sign for this email ;-)
Well, I just tried it from the proper email address,
and it didn't work. This time I read the popup
carefully, and it said "check if the cert is valid
and *TRUSTED* ..."
So, I have a CACert certificate. And I suppose what
I am being told is that this is not trusted ... and
therefore I am not permitted to sign? (And because I
can't sign I can't encrypt :-)
That would be a bug, if true. Even if one were not
aghast at the temerity of restricting signatures to
people with paid permission ... I would have thought
it blindingly obvious that the *verification* is where
the quality of the signature chain should be checked.
(It doesn't say anywhere that the cert is not "trusted"
by Thunderbird so it may be that there is another
problem elsewhere. Are CACerts and Thunderbird
compatible ? Hey Duane, any daylight down there?)
Anyway, thanks for your help guys.
Question - should all this be bug filed, or is it all
covered in some standard somewhere, so no point? I'm
really an OpenPGP guy, so it's no big issue to me
personally, but if there is any intention to get this
stuff deployed for average users then I can have a
go at filing a bug.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
