gpgsm and expired certificates
expires2013 at ymail.com
Thu Nov 7 00:29:05 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 6 November 2013 at 11:42:49 AM, in
<mid:87txfpg3ie.fsf at gilgamesch.quim.ucm.es>, Uwe Brauer wrote:
> Well take for example iOs: using pgp is a sort of a
So I have heard.
> The reasons why I think smime is easier to use for the
> average user are: smime is already installed in most
> MUA (so no additional software+plugin)
But all the hordes who use webmail are pretty-much still out of luck,
though. (With certain exceptions, such as hushmail.)
> keypairs are
> generated and signed by the "trust center".
I don't know about the "trust centre." The Bat! gives me the choice
of its own internal implementation or Microsoft Crypto-API, which is
part of Windows. (The Bat! and Windows are closed-source proprietary
products that we probably shouldn't discuss too much on this list.)
> keys are automatically embedded in the signatures.
That is simpler and avoids the web-bug-like effect you have if you
choose to auto-retrieve OpenPGP keys from keyservers for new contacts.
But must waste a lot of bandwidth between regular correspondents.
> Aha I see you use the BAT, an email program I have not
> seen in use, for almost a decade.
I have used it myself for over nine years.
> Good and bad news.
> Gpgsm allowed my to use your public keys after having
> fireing up a series of questions, iOs also,
> (if you
> don't mind I send you to test messages later privately)
I don't mind.
> However thunderbird refuses to use yoru public key
> claiming it cannot be trusted.
Fair enough. Using its internal implementation, The Bat! accepts
signatures from the S/MIME certificate I created last night (because I
added it to the trusted root CA address book) and does not accept your
S/MIME signature (because Comodo's root certificate is not in the
trusted root CA address book - but adding it would be just a few
clicks). MS Crypto-API is fine with Comodo's root cert, but says my
certificate has an invalid signature algorithm specified.
I just searched and found  about Thunderbird, which says you can
import a copy of other people's self-signed S/MIME certificate from a
".cer" file into your "Authorities" tab. So much for "being easier
because keys are automatically embedded in the signatures."
> So I am afraid the
> issue is to persuade the not only the people but also
> the software.
As I said, getting other people to persuade their MUA to accept it.
MFPA mailto:expires2013 at ymail.com
Courage is not the absence of fear, but the mastery of it.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users