Once more, thank you for the clarification!

About your patches: I certainly would like to test them. We would *much* welcome if there was a more flexible (unambiguous) method to configure the certificate.

But I wonder whether this will be backwards compatible. If we had to set up the certificate using the "old" method for older versions of, e.g., Thunderbird, while we had to use the "new" method for the later versions, then it would complicate things largely for us.

Is there a patched Thunderbird available (preferably for the Windows platform) or do I need to build myself from the sources? The patch in question would be this one, right?
https://bug278689.bmoattachments.org/attachment.cgi?id=8632525

Regards,
Daniel


On 26.07.2015 at 08:41, Kaspar Brand wrote:
> On 20.07.2015 18:33, Trick, Daniel wrote:
>> As soon as the ":" is removed from the certificate's friendly name,
>> there no longer is a locale-specific prefix in the certificate name at
>> all - best solution of all for our purposes.
> In NSS, the colon is used to separate the token name and the nickname,
> i.e. when the nickname itself includes a colon, prepending the token
> name prevents the first part of the nickname from being misinterpreted
> as the token name.
>
> On 15.07.2015 17:57, Trick, Daniel wrote:
>> The troubling part is to actually configure the user's Thunderbird
>> profile to make use of the specific certificate! I already found that
>> the signing/encryption certificate is stored in the user's "prefs.js"
>> file in the profile directory. The entries are called
>> "mail.identity.id?.encryption_cert_name" and
>> "mail.identity.id?.signing_cert_name". Adding or altering these entries
>> is straightforward. But the specific value that I need to set up is the
>> problem! The format of the value of these entries appears to be:
>>
>> <prefix>: <certificate_friendly_name>
>>
>> First of all: Why use the friendly name here? It's not really
>> unique/unambiguous. Why not use, e.g., the Thumbprint or a combination
>> of issuer and S/N instead?
> In https://bugzilla.mozilla.org/show_bug.cgi?id=278689, I'm trying to
> implement more flexible support for configuring specific signing and/or
> encryption certificates in Thunderbird. If you're able/willing to test
> the patch(es), your feedback would be appreciated.
>
> Kaspar

--
Daniel Trick, Fraunhofer SIT
Cloud Computing, Identity & Privacy (CIP)
Rheinstr. 75, 64295 Darmstadt, Germany
Tel +49 6151 869-303

mailto:[email protected]
http://www.sit.fraunhofer.de/

--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
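
Added example, not code from this thread, Thunderbird, or NSS: a sketch of how a deployment script could audit the `*_cert_name` entries discussed above and show where the first-colon split makes a value ambiguous. The `user_pref("name", "value");` line shape, numeric identity ids, and the split-at-first-colon model are assumptions; the sample profile lines are constructed.

```python
import re

# Assumed prefs.js line shape; "id\d+" stands in for the thread's "id?".
PREF_RE = re.compile(
    r'user_pref\("(mail\.identity\.id\d+\.(?:signing|encryption)_cert_name)",'
    r'\s*"([^"]*)"\);'
)

# Constructed sample profile content (not taken from a real profile).
SAMPLE_PREFS = '''
user_pref("mail.identity.id1.signing_cert_name", "Example Token: Alice: Signing");
user_pref("mail.identity.id1.encryption_cert_name", "Alice Encryption");
user_pref("mail.identity.id2.signing_cert_name", "Bob: Work");
user_pref("mail.server.server1.type", "imap");
'''


def split_cert_name(value):
    """Model of the rule quoted in the thread: text before the FIRST colon
    is read as the token name, the rest as the nickname."""
    token, sep, nickname = value.partition(":")
    if not sep:
        return None, value           # no colon: bare nickname, no prefix
    return token, nickname.lstrip()  # "<prefix>: <name>" has a space after ':'


def audit_prefs(text):
    """Return one finding per signing/encryption certificate pref."""
    findings = []
    for match in PREF_RE.finditer(text):
        pref, value = match.group(1), match.group(2)
        token, nickname = split_cert_name(value)
        findings.append({
            "pref": pref,
            "token": token,
            "nickname": nickname,
            # A prefix ties the profile to a (locale-specific) token name.
            "has_token_prefix": token is not None,
            # A colon still left in the nickname means the friendly name
            # contains one; without the prefix its first part would be
            # taken for the token name.
            "colon_in_nickname": ":" in nickname,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_prefs(SAMPLE_PREFS):
        print(finding)
```

The `"Bob: Work"` entry cannot be told apart from a friendly name that itself contains a colon, which is the ambiguity that certificate-specific identifiers such as a thumbprint or issuer plus serial number would avoid.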