On 2010/06/03 13:57 PDT, PDF3 SecureEmail wrote: > According to the link at > http://social.technet.microsoft.com/Forums/en-US/officeappcompat/thread/3a19bbc7-9c6b-40ec-823d-16fd88e8de38 > Outlook 2010 is OL2010 is using “sender key ID” instead of “issuer > name and serial number” – as per an SMIME standard, but can be > reverted to an older style using a registry key. I suspect that NSS > is not supporting "sender key ID" yet/properly. I think Thunderbird > needs this fixed...
I suggest you read the relevant SMIME standards. The current version allows SMIME clients to use either of the two formats. Older versions of the standard only allowed the "issuer name and serial number" form. The newer versions allow either one to be used. However, the KeyID form identifies a certificate by a KeyID attribute which is an optional extension in the certificate itself. It is appropriate to use this form ONLY when the certificate thus identified actually has that extension present. When that extension is not present, the proper way to identify it is by its issuer name and serial number, since all certificates have that, and only some have the optional keyID. TB can identify certificates by their keyID *WHEN THEY HAVE A KEYID*. But when OL2010 says "the desired cert has this KeyID", and in fact the desired cert has NO KeyID at all, TB is correct to say "no cert with that KeyID can be identified". -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
