Ian G wrote:
Hmm, ok, well I suppose that's true as an assumption, and looking at Account / Settings ... the cert that is now selected to sign for this email address is *not* for this email address. This may explain why it didn't in the end sign for this email ;-)
Well, I just tried it from the proper email address, and it didn't work. This time I read the popup carefully, and it said "check if the cert is valid and *TRUSTED* ..."
So, I have a CACert certificate. And I suppose what I am being told is that this is not trusted ... and therefore I am not permitted to sign? (And because I can't sign I can't encrypt :-)
That would be a bug, if true. Even if one were not aghast at the temerity of restricting signatures to people with paid permission ... I would have thought it blindingly obvious that the *verification* is where the quality of the signature chain should be checked.
(It doesn't say anywhere that the cert is not "trusted" by Thunderbird so it may be that there is another problem elsewhere. Are CACerts and Thunderbird compatible ? Hey Duane, any daylight down there?)
Anyway, thanks for your help guys.
Question - should all this be bug filed, or is it all covered in some standard somewhere, so no point? I'm really an OpenPGP guy, so it's no big issue to me personally, but if there is any intention to get this stuff deployed for average users then I can have a go at filing a bug.
iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security