gpgsm and expired certificates

Uwe Brauer oub at mat.ucm.es
Thu Nov 7 12:16:36 CET 2013 

>> "MFPA" == MFPA  <expires2013 at ymail.com> writes:

Hello

[snip]


   > But all the hordes who use webmail are pretty-much still out of luck,
   > though. (With certain exceptions, such as hushmail.)

Yep, there is penango fore firefox+gmail.


   >> Public
   >> keys are automatically embedded in the signatures.

   > That is simpler and avoids the web-bug-like effect you have if you
   > choose to auto-retrieve OpenPGP keys from keyservers for new contacts.
   > But must waste a lot of bandwidth between regular correspondents.

Well given that a lot of users write emails with html markup, this
really does not bother me.


   >> However thunderbird refuses to use yoru public key
   >> claiming it cannot be trusted.


   > I just searched and found [1] about Thunderbird, which says you can
   > import a copy of other people's self-signed S/MIME certificate from a
   > ".cer" file into your "Authorities" tab. So much for "being easier
   > because keys are automatically embedded in the signatures."

Well I was referring to the following 10 years old bug
https://bugzilla.mozilla.org/show_bug.cgi?id=209182

I have the feeling this is a design decision by  "philosophy":
thunderbird/semonkey don't encourage the use of self-signed certificates
(BTW I just learn that there is a add-on, key-manager which generates
self-signed certificates, similar as it seems to me to the BAT.

At first I thought that I need to use openssl in order to extract your
cert and import in under authorities 
like
openssl pkcs7 -in MFPA.p7 -inform DER -print_certs > out.cert

(Which would be bad, because command line openssl is not what the
average user would call, comfortable and windows users have to install
openssl a part)

However it is not necessary I just export our signature as a pem file
and import in under authorities. Still this is very uncomfortable...

regards

Uwe Brauer 

BTW, I see you switched back to pgp, but why do you use old inline mode
and not pgpmine?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5556 bytes
Desc: not available
URL: </pipermail/attachments/20131107/22fc8650/attachment-0001.bin>

More information about the Gnupg-users mailing list