[GPGSM][GPGME] thawte freemail certificates?

Stephan Menzel smenzel at gmx-gmbh.de
Tue Apr 22 09:24:42 CEST 2008


On Monday, 21 April 2008 21:18:32, Ron Rogers Jr. wrote:
> > This mail is signed with one of them vicious Thawte
> > Certificates. Is there a way to have it verified with or
> > without checking CRLs so validity is "valid" and no longer
> > "unknown"?
>
> The sample checks out fine for me: "Good signature from Thawte
> Freemail Member", using Claws-Mail with gpgme/gpgsm S/MIME
> plugin. Can you verify my S/MIME signature?

Yes, I can, but under the same limitations. When I
activate "disable-crl-checks" it is green; when I don't, it's yellow. Same now
with gpgme! I realized yesterday, after working on this bugger for 4 days, that
I do the validation remotely on a different machine, which I forgot, and kept
wondering why my local changes had no effect whatsoever ;-) Given that I
wrote that remote daemon and set up this architecture long ago, it gives me a
new impression about the meaning of the word irony.

Anyway, I think, given the way those Thawte certificates are made, the above
behaviour is how it should be: the CRL can't be checked because it's not
specified in the certificate, and so the signature is only valid as long as I
trust the certificate and disable CRL checks.
Or am I wrong here?

Greetings...

Stephan

More information about the Gnupg-users mailing list