https://bugs.openldap.org/show_bug.cgi?id=9540
--- Comment #6 from Michael Ströder <[email protected]> --- > (In reply to Michael Ströder from comment #4) >> And are you and the developers of this LDAP client aware that originally >> this attribute was meant to carry a signed S/MIME message with empty >> body to also carry the S/MIME capabilities of a client? > > Yes, we are aware of that, and that's how we've implemented our software. So you're signing with the user's private key? How? Do you have key escrow? > But I wasn't aware of this: >> [...] After that I never saw a client making correct use of this attribute. > > I was speaking of MS Outlook, but now I've performed a few more tests with > Thunderbird and Apple Mail, and neither of them did accept the format. Not > sure > if they did not accept the LDAP attribute or didn't know how to make use of > it, > but I admit I'm baffled. The Mozilla folks hunked out almost all LDAP features from the ancient Mozilla suite many moons ago, mostly the ones regarding S/MIME certs. These features never came back. Nowadays it's even harder to enroll for S/MIME certs without manual PKCS#12 import. > Can it be true that this attribute was never ever implemented properly in any > of the (widely used) email clients? Yes, exactly. And that's why this ticket is a bit about trying to ride a dead horse. Sorry. Ciao, Michael. -- You are receiving this mail because: You are on the CC list for the issue.
