gpgsm and expired certificates
Mark H. Wood
mwood at IUPUI.Edu
Fri Nov 8 16:17:58 CET 2013
On Thu, Nov 07, 2013 at 12:16:36PM +0100, Uwe Brauer wrote:
> >> "MFPA" == MFPA <expires2013 at ymail.com> writes:
> >> However thunderbird refuses to use yoru public key
> >> claiming it cannot be trusted.
> > I just searched and found  about Thunderbird, which says you can
> > import a copy of other people's self-signed S/MIME certificate from a
> > ".cer" file into your "Authorities" tab. So much for "being easier
> > because keys are automatically embedded in the signatures."
> Well I was referring to the following 10 years old bug
> I have the feeling this is a design decision by "philosophy":
> thunderbird/semonkey don't encourage the use of self-signed certificates
> (BTW I just learn that there is a add-on, key-manager which generates
> self-signed certificates, similar as it seems to me to the BAT.
This bug seems to cry out for an add-on. Then people who (think they)
know what they are doing can have the additional convenience, and the
rest can do whatever it is they do now. I would guess there is
resistance to putting this into the base product on the theory that
99.9% of users will just hit "yes", meaning "get rid of this
unintelligible dialog and let me read the message", which is arguably
a Bad Thing.
Since we're getting offtopic anyway, I'll continue and opine that this
add-on would only be doing for self-signed cert.s and other unknown
CAs the same thing that the user *should* have done with those
commercial root cert.s: evaluate and install them individually. (Of
course hardly any of us have done this.)
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6967 bytes
Desc: not available
More information about the Gnupg-users