gpgsm and expired certificates

[Mark H. Wood]

On Thu, Nov 07, 2013 at 12:16:36PM +0100, Uwe Brauer wrote:
> >> "MFPA" == MFPA  <expires2013 at ymail.com> writes:
[snip]
>    >> However thunderbird refuses to use yoru public key
>    >> claiming it cannot be trusted.
> 
> 
>    > I just searched and found [1] about Thunderbird, which says you can
>    > import a copy of other people's self-signed S/MIME certificate from a
>    > ".cer" file into your "Authorities" tab. So much for "being easier
>    > because keys are automatically embedded in the signatures."
> 
> Well I was referring to the following 10 years old bug
> https://bugzilla.mozilla.org/show_bug.cgi?id=209182
> 
> I have the feeling this is a design decision by  "philosophy":
> thunderbird/semonkey don't encourage the use of self-signed certificates
> (BTW I just learn that there is a add-on, key-manager which generates
> self-signed certificates, similar as it seems to me to the BAT.

This bug seems to cry out for an add-on.  Then people who (think they)
know what they are doing can have the additional convenience, and the
rest can do whatever it is they do now.  I would guess there is
resistance to putting this into the base product on the theory that
99.9% of users will just hit "yes", meaning "get rid of this
unintelligible dialog and let me read the message", which is arguably
a Bad Thing.

Since we're getting offtopic anyway, I'll continue and opine that this
add-on would only be doing for self-signed cert.s and other unknown
CAs the same thing that the user *should* have done with those
commercial root cert.s: evaluate and install them individually.  (Of
course hardly any of us have done this.)

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6967 bytes
Desc: not available
URL: </pipermail/attachments/20131108/73ee52ab/attachment.bin>