> As seen from the table above, this is currently a non-issue (Outlook 
> will always encode SignerIdentifier with issuer name + serial). But
> I agree that the Outlook developers should pay attention to this as
> well when they are touching the code to fix the RecipientIdentifier
> stuff.

Sigh. I just came across this:

http://support.microsoft.com/kb/2142236
Non-Outlook email clients unable to decrypt email sent from Outlook 2010

which states under "Cause":

> Outlook 2010 now more fully implements the Cryptographic Message
> Syntax (CMS) as documented in RFC3852. Outlook 2010 now uses
> subjectKeyIdentifier as the SignerIdentifier, whereas earlier
> versions used issuerAndSerialNumber. It seems that some clients may
> not yet support using subjectKeyIdentifier as the SignerIdentifier,
> as defined per the RFC. This results in it being unable to decrypt
> the message.

The statement about the SignerIdentifier is definitely incorrect. It
seems that Microsoft does not yet fully understand the issue - does
anyone here have straight contact to the Outlook dev team, or know
people who have? I'd be happy to help (i.e., explain the problem with
all the gory details), but would prefer to speak to someone who is also
able to fix the code, afterwards.

Kaspar
-- 
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
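
The following is an added example, not part of the original message or of any mail client's code: a minimal DER reader that reports which identifier form (issuerAndSerialNumber or subjectKeyIdentifier) a CMS SignerInfo or KeyTransRecipientInfo carries, and whether its version field matches that form as RFC 3852 requires. The function names and the two sample structures are constructed for illustration; the samples contain only the version and identifier fields.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags only)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated element or unsupported multi-byte tag")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

# Version each structure must carry per identifier form (RFC 3852, sections 5.3 and 6.2.1).
REQUIRED_VERSION = {
    ("SignerInfo", "issuerAndSerialNumber"): 1,
    ("SignerInfo", "subjectKeyIdentifier"): 3,
    ("KeyTransRecipientInfo", "issuerAndSerialNumber"): 0,
    ("KeyTransRecipientInfo", "subjectKeyIdentifier"): 2,
}

def identifier_form(info_der, kind):
    """Return (version, form, version_matches_form) for a DER SignerInfo or KeyTransRecipientInfo."""
    tag, body, _ = read_tlv(info_der)
    if tag != 0x30:
        raise ValueError("expected a SEQUENCE")
    tag, raw_version, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(raw_version, "big")
    tag, _, _ = read_tlv(body, pos)         # sid / rid is the field right after version
    if tag == 0x30:                         # universal SEQUENCE: IssuerAndSerialNumber
        form = "issuerAndSerialNumber"
    elif tag == 0x80:                       # [0] IMPLICIT OCTET STRING: SubjectKeyIdentifier
        form = "subjectKeyIdentifier"
    else:
        raise ValueError(f"unexpected identifier tag 0x{tag:02x}")
    return version, form, version == REQUIRED_VERSION[(kind, form)]

def der(tag, content):
    """Encode one TLV; handles only the short lengths used by the constructed samples."""
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

# Constructed sample data: issuer CN "Constructed CA", serial 0x0123, 20-byte key identifier.
_name = der(0x30, der(0x31, der(0x30, bytes.fromhex("0603550403") + der(0x0C, b"Constructed CA"))))
SAMPLE_ISSUER_SERIAL = der(0x30, der(0x02, b"\x00") + der(0x30, _name + der(0x02, b"\x01\x23")))
SAMPLE_SKI = der(0x30, der(0x02, b"\x02") + der(0x80, bytes(range(20))))
```
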
