Dear Nelson- Thanks for the reply
> > is it possible to set the preferred algorithm > > in Thunderbird to also use AES for its S/MIME operations? > > No. The S/MIME protocol is designed to obviate any such setting. > When you receive a signed message from a correspondent, that message > contains an enumeration of the ciphers supported by that correspondent's > email software. Thereafter, when you send an encrypted message to that > correspondent, your email software should pick the strongest algorithm > and key size (for algorithms that support multiple key sizes) that is > mutually supported. While that may be the protocol with Thunderbird, other email clients seem to offer that choice or warn if they don't meet a threshold. Outlook allows one to set 3des, des, or RC2 at several key sizes.. As does OpenSSL in its S/MIME commands- -des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 A feature of choosing or specifying symmetric algorithm would be welcome. . > > Some certs have the preference set in them as a first choice (often 3DES) > > Please show an example of such a cert and/or cite the relevant standard > for the X.509 v3 certificate extension that contains that information. You are quite right, I mis-spoke, that oid is not in the key but in the element passed to the recipient. Yours- Ridge -------------------------------- "Nelson Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] <snip> _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
