I was trying to load a key encipherment(20) certificate I obtained from a LDAP server. I couldn't figure out how to get that to work, but I noticed something interesting.
Below you say: > "Existing versions of Communicator will downright choke on Certs > presented as email certs without the email address in the SubjectName." The cert I was working with is one of those 600,000 and there is no "email address in the SubjectName". The email is in a subjectAltName extension only. Now this may not be what you ment by "email certs". As to loading it into the Mozilla store; that is a puzzle. I downloaded the cert and stored it as a .cer file. I then attempted to open it using the file open option of the file menu. The file was recognized as a "Security Certificate" [app/pkix-cert] and wanted to open with 'CERFile'. This is the Windows displayer for certs. It installs into the ie structure. What application should I use to install it into the Mozilla structure. Victor Robert Relyea wrote: > > > Victor Probo wrote: > >> Robert; >> Let me start with two sentences in your answer: > --<<snip>>-- >> The reason I bring this up is that while standards and RFC' s are >> great (so many to >> choose from) it is the early implementations that define the >> 'practice'. And >> 'practice' takes pecedence over 'policy'! The X.509 allowes multiple >> subjetAltName >> extensions, which means multiple e-mail addresses, Why not the address >> book? > > > > This is hardly the first implementation of S/MIME. We will already face > the problem that older versions don't even understand subjectAltName, > yet alone handle a multiple email address to single cert mapping. > Existing versions of Communicator will downright choke on Certs > presented as email certs without the email address in the SubjectName. > > (BTW it's not the address book that stores the mapping, it's the > certificate store, which is only relevant to this discussion because it > is possible to dynamically replace the certificate store with your own > in NSS 3.4, which means we have a prayer of back fitting old versions --<<snip>>--
