Gervase Markham wrote:
Ian G wrote:
I'd say 40 bit is good enough for banking, and 128 bit
is good enough for banks :-) As the TLS people have now
added a 256 bit protocol suite, they no doubt think that
only 256 should be used by banks...
I think you may have missed my point, which was: a
Ram A M wrote:
I want to disclose that I work for a commercial CA. I also want to
make clear that like always in my postings here I am not representing
my employer. My postings here are my opinion and my opinion is subject
to change. I should also point out in case it's not obvious that I am
not a
Ian G wrote:
OK, I'll accept that. So your message for the good certs is what?
If you put your CC number into here and get ripped off,
it might be possible for you to find the guy who did it.
Just about. As a consumer, I'd be happier with that than Hey, if you
get ripped off, it's not
Ram A M wrote:
a lot of good sense
I agree with most of the things you say, and your analysis. Some comments:
As the
value of having SSL certificates warrants the effort to attack the
vetting process the criminals will do so and they will likely attack
the weakest process first [an interesting
Gervase Markham wrote:
...I'm saying that we
need to assess certs according to how likely it is that we can trace the
cert back to a real individual, not as to how the data required for such
tracing was gathered.
OK, the answer to that is reasonably likely if
the person doesn't care, and
Gervase Markham wrote:
Ian G wrote:
OK, I'll accept that. So your message for the good certs is what?
If you put your CC number into here and get ripped off,
it might be possible for you to find the guy who did it.
Just about. As a consumer, I'd be happier with that than Hey, if you
Gervase Markham wrote:
Of course, we might be able to make it work by reducing the number of
CAs to (say) 8...
The market works all this out. There will be some
settling. In each country there will be like 1-3
big national brands. Then there will be the globals,
the Intels of certification,
Nelson B wrote:
Ian G wrote:
(OTOH, something like SSLv2 v. SSLv3/TLSv1 is stopping
people elsewhere using crypto.
What are you talking about?
This one:
Nelson B wrote:
Julien Pierre wrote:
There is a TLS extension called server name indication. It is
currently not implemented by NSS .
[long post]
I've been trying to progress bug 273419 (disclosure
of local files) and bug 230606 (same origin for local files).
Some notes.
Where I'm coming from:
Firefox's smooth user experience makes Fx a popular
product for end users. A similarly smooth experience will
help make moz/xulrunner/Fx
Peng wrote:
That may instead annoy them sufficiently that they switch back to IE, if
they need to visit the site a lot. Personally, I didn't used to think
to contact a website if there was a problem. I just ignored it or went
to another website or spoofed my user agent or something.
Putting
Ian G wrote:
Peng wrote:
That may instead annoy them sufficiently that they switch back to IE,
if they need to visit the site a lot. Personally, I didn't used to
think to contact a website if there was a problem. I just ignored it
or went to another website or spoofed my user agent or
Hi Peter,
It should be noted that VeriSign sold the registrar division of Network
Solutions (including the brand) back in 2003. It is no longer has any
affiliation with VeriSign.
Alex
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter
Duane wrote:
This certificate is 50% good (128/256) or 15% good (40/256) then you
just alter the top number, or even subtract for bad protocols, I'm sure
people would get the idea pretty quick and it would be consistent, even
when things change in future...
That's better, but it doesn't address
[EMAIL PROTECTED] wrote:
So we created a new type of automated
certificate that focuses on proof of domain control in real time
combined with real time email and telephone validation and
sophisticated fraud-detection algorithms.
I'd be interestd in hearing more about the real-time email and
Duane wrote:
Ian G wrote:
Peng wrote:
That may instead annoy them sufficiently that they switch back to IE,
if they need to visit the site a lot. Personally, I didn't used to
think to contact a website if there was a problem. I just ignored it
or went to another website or spoofed my user agent
Gervase Markham wrote:
[EMAIL PROTECTED] wrote:
So we created a new type of automated
certificate that focuses on proof of domain control in real time
combined with real time email and telephone validation and
sophisticated fraud-detection algorithms.
I'd be interestd in hearing more about the
Gervase Markham wrote:
Ian G wrote:
Why are you requiring that of GeoTrust? What happens
if they don't provide that service?
Then the browser UI I write doesn't mark their certs as suitable for
commerce :-)
That would be incomplete :) What you should say is that
Gervase thinks GeoTrust
Gervase Markham [EMAIL PROTECTED] writes:
As some of you have noted, Opera 8 beta 3 now displays the contents of
the certificate's Organisation field in the UI, ostensibly as an
anti-phishing measure.
GeoTrust has just released a paper outlining the problems with this
approach, and giving
Ian G [EMAIL PROTECTED] writes:
Frank Hecker wrote:
It's interesting to see discussion heating up around the topic of CAs
and their roles, and of course this is all useful background for future
decisions we might make regarding browser UI.
Yes Sir! The more browser manufacturers do to
Ian G wrote:
http://www.ebcvg.com/articles.php?id=673
Mozilla: The Honeymoon is over
Well, this time it's the analysis by the expert who's selling
antivirus/http filters.
Unfortunately, many will fail to his incredibly specious assessments
about the recent vulnerabilities in Mozilla without
Jean-Marc Desperrier wrote:
Ian G wrote:
http://www.ebcvg.com/articles.php?id=673
Mozilla: The Honeymoon is over
Well, this time it's the analysis by the expert who's selling
antivirus/http filters.
Unfortunately, many will fail to his incredibly specious assessments
about the recent
On 04/11/05 23:27, Peter Gutmann wrote:
Frank Hecker [EMAIL PROTECTED] writes:
Doug Wright wrote:
Gerv suggested I post this here for discussion - copied from bug 288693
[Snip]
In Opera, the message must be OKed/cancelled *before the site is even
rendered*
My personal preference would be a
The article is essentially correct. From what I've seen, Firefox is
only slightly more secure than MSIE, and much of that is due to the fact
that it does not support ActiveX components. I've always taken for
granted that the browser would not be truly secure, as that would
require a rigor in
Duane wrote:
Peter Gutmann wrote:
You may as well name 'em since it's fairly well known, it's Verisign (yes, the
Actually another one, so that makes 2 of them (at least)...
Duane,
Either you are working for some company and you have
a conflict of interest that stops you doing security
work. Or
http://www.techworld.com/security/news/index.cfm?NewsID=3468
SSL 'security' aiding online fraud
http://www.ebcvg.com/articles.php?id=673
Mozilla: The Honeymoon is over
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
Ian G wrote:
http://www.techworld.com/security/news/index.cfm?NewsID=3468
SSL 'security' aiding online fraud
Considering the experts giving these claims are trying to sell more
expensive certs, I'm going to take it with a grain of salt until more
attacks hitting my inbox really do start using
Duane wrote:
Ian G wrote:
http://www.techworld.com/security/news/index.cfm?NewsID=3468
SSL 'security' aiding online fraud
Considering the experts giving these claims are trying to sell more
expensive certs, I'm going to take it with a grain of salt until more
attacks hitting my inbox really do
As some of you have noted, Opera 8 beta 3 now displays the contents of
the certificate's Organisation field in the UI, ostensibly as an
anti-phishing measure.
GeoTrust has just released a paper outlining the problems with this
approach, and giving practical and real-world examples:
Gervase Markham wrote:
GeoTrust has just released a paper outlining the problems with this
approach, and giving practical and real-world examples:
http://geotrust.com/resources/advisory/sslorg/index.htm
...and there's a white paper which goes into more depth.
Ka-Ping Yee wrote:
This is further evidence that we cannot rely on CAs to maintain
clear uniqueness of certificates,
Where did CAs ever claim that they were maintaining uniqueness of the O
field?
Where does this paper say that non-unique certificates are being issued?
They should all be
Ka-Ping Yee wrote:
This is further evidence that we cannot rely on CAs to maintain
clear uniqueness of certificates, and that we must enable users
to establish trust relationships without having to depend on CAs.
Certainly, relying on the CAs to maintain any
uniqueness amongst the entire set is a
Ian G wrote:
I've just upgraded my Firefox to 1.0.2 and this time
the FreeBSD version handles plugins, so I installed
both of them. Unfortunately petname doesn't appear.
OK, Ping just fixed me up there, it had to be dragged
from the pallete. Now it's sitting there and I have
petnamed two of my
Gervase Markham wrote:
...and there's a white paper which goes into more depth.
http://geotrust.com/resources/white_papers/pdfs/SSLVulnerabilityWPcds.pdf
Hey Ian, they read your blog :-) See the footnote to page 11 (page 13
in the PDF).
Note that the Geotrust paper basically contradicts the
I'm new to this group, but wanted to offer some observations as the
author of the GeoTrust White Paper in the link above (and repeated
here):
http://www.geotrust.com/resources/white_papers/pdfs/SSLVulnerabilityWPcds.pdf
I'm a recovering lawyer (haven't practiced for 20 years), so when I
first
Frank Hecker wrote:
Gervase Markham wrote:
...and there's a white paper which goes into more depth.
http://geotrust.com/resources/white_papers/pdfs/SSLVulnerabilityWPcds.pdf
Hey Ian, they read your blog :-) See the footnote to page 11 (page 13
in the PDF).
Indeed, I just got to that part
Vincent THOREL wrote:
I have written a XPCOM C++ Components.
[...] It work in signed JAR and
requested privilege(UniversalXPConnect) is accepted from remote host
because it is signed.
But the problem is, I want to use this component into a HTTPS page.
And when I run this page, i got in
Frank Hecker [EMAIL PROTECTED] writes:
Doug Wright wrote:
Gerv suggested I post this here for discussion - copied from bug 288693
[Snip]
In Opera, the message must be OKed/cancelled *before the site is even
rendered*
My personal preference would be a dialog with a delayed OK button
(like
Duane [EMAIL PROTECTED] writes:
Ram A M wrote:
I have SSL2 disabled and AFAIK it has not limited my access to sites in
a long time. Perhaps it is time to retire SSL2 in the default config.
I have had problems with one domain registrar using it...
You may as well name 'em since it's fairly
Peter Gutmann wrote:
You may as well name 'em since it's fairly well known, it's Verisign (yes, the
Actually another one, so that makes 2 of them (at least)...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
Peng [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
On 04/09/05 14:20, yamaha wrote:
I am trying to get Thunderbird to reset my password.
I have 3 accounts in win2k (logins)
2 of the 3 have a TB account ( and unique names). ( both logins fail)
I read TB FAQ, TB KB, and
just tried a new host and im very pleased. try
http://isphost.org/
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
I am trying to get Thunderbird to reset my password.
I have 3 accounts in win2k (logins)
2 of the 3 have a TB account ( and unique names). ( both logins fail)
I read TB FAQ, TB KB, and a million post in Usenet (groups)
No solutions work for me , including , install and reinstall.
I even killed
On 04/09/05 14:20, yamaha wrote:
I am trying to get Thunderbird to reset my password.
I have 3 accounts in win2k (logins)
2 of the 3 have a TB account ( and unique names). ( both logins fail)
I read TB FAQ, TB KB, and a million post in Usenet (groups)
No solutions work for me , including ,
Hi All,
I have written a XPCOM C++ Components.
From a remote Web Site, I want to use this component,
so I signed the JavaScript / HTML page using it with NSS tools.
Greats now I can use this component from Http! It work in signed JAR and
requested privilege(UniversalXPConnect) is accepted from
Ram A M wrote:
I think if you're trying to address reused passwords harvested via
website compromise this is indeed effective.
I was thinking it could also be leveraged to work against domain
spoofing attacks as well and without a resilient UI it is not very
effective at this as an attacker
Steve wrote:
I am working with the source for Firefox 1.0.2 and would like to disable FTP
and the ability to browse the file system. This is for a very high security
location and needs to be complied without these. Any ideas where the best
place to do this (and how), will be greatly appreciated.
I
Ian G wrote:
Right. And now we reach a big philosophical
issue for Mozilla, which has been mooted upon
in these very pages of late.
Who is Mozilla for? Who is Tbird courting?
If it's the average user a.k.a. Joe Sixpack,
then we have one way of looking at how to
secure his traffic.
If it's Terry
Strongly agree. This the model that Apple uses in their systems and
this is the only way to serve multiple user types well.
Personally I like a brief interview type approach at initial install.
___
Mozilla-security mailing list
Gervase Markham wrote:
So in two years, time, when the advice changes to 256/2048, they have to
learn a new set of numbers?
I should issue a better cert for the CAcert website, but it's more
common then not that I'm getting 256/1024, and the root cert is 4096,
which some software still doesn't
Gervase Markham wrote:
Ram A M wrote:
I think if you're trying to address reused passwords harvested via
website compromise this is indeed effective.
I was thinking it could also be leveraged to work against domain
spoofing attacks as well and without a resilient UI it is not very
Duane wrote:
Ram A M wrote:
I have SSL2 disabled and AFAIK it has not limited my access to
sites in
a long time. Perhaps it is time to retire SSL2 in the default
config.
I have had problems with one domain registrar using it...
Yep me too, it seems netsol still requires SSL2. I wonder how
I am working with the source for Firefox 1.0.2 and would like to disable FTP
and the ability to browse the file system. This is for a very high security
location and needs to be complied without these. Any ideas where the best
place to do this (and how), will be greatly appreciated.
I have
If one wanted to achieve a useful distinction, then I suggest warning
when an SSL v2
protocol site is struck, as at least then a real issue is being
addressed.
I have SSL2 disabled and AFAIK it has not limited my access to sites in
a long time. Perhaps it is time to retire SSL2 in the default
Ram A M wrote:
If one wanted to achieve a useful distinction, then I suggest warning
when an SSL v2
protocol site is struck, as at least then a real issue is being
addressed.
I have SSL2 disabled and AFAIK it has not limited my access to sites in
a long time. Perhaps it is time to retire SSL2 in
Ram A M wrote:
I have SSL2 disabled and AFAIK it has not limited my access to sites in
a long time. Perhaps it is time to retire SSL2 in the default config.
I have had problems with one domain registrar using it...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
Ram A M wrote:
The issue I see is that the scheme relies on a trusted input mechanism
that is triggered by user action on a webpage.
Actually, triggered by a user choosing an item from a context menu.
Say I use this scheme to register at a website (ie create the initial
password at the site by
Frank Hecker wrote:
This raises the question that we've previously debated on this group: If
popping up a warning dialog the right thing to do, or does that just
encourage users to blindly click OK? Is a better alternative to just
display the page without the SSL lock icon, with an accompanying
Ian G wrote:
Why not just put the number of crypto bits on the status
bar, next to the site name, CA name and padlock?
I'm surprised at you, Ian. I would have thought the reason was obvious :-)
In Opera, the message must be OKed/cancelled *before the site is even
rendered*
Heavens above! I
Doug Wright wrote:
Gerv suggested I post this here for discussion - copied from bug 288693
When visiting 'secure' sites that use outdated encryption,
Firefox/Thunderbird should give a big ugly warning about the dangers
of submitting information to this site.
[...]
My personal preference would
Jean-Marc Desperrier wrote:
I'm surprised nobody has said until now that there's already such a
warning dialog for 40 bit crypto (at least in the suite, maybe FF
removed it).
I don't believe 512 RSA keys trigger it, though.
512 bit keys are a lot stronger than 40 bit, they are
more like about
Gervase Markham wrote:
Ian G wrote:
Why not just put the number of crypto bits on the status
bar, next to the site name, CA name and padlock?
I'm surprised at you, Ian. I would have thought the reason was obvious :-)
It could be blindingly obvious to others ... but it's
not to me!
In Opera,
The unforgiveable sins this earth must confront and overcome are
Nationalism, capitalism, and hoarding. The idea of every nation
should be forgot, price should be struck from the commons, and
princes should be seen for the devils they are. The sins include
our church, secret societies,
Gervase Markham wrote:
Ian G wrote:
It could be blindingly obvious to others ... but it's
not to me!
Because 99.99% of users will have no idea what the numbers are, nor will
they have any ability to make sensible decisions based on them.
Well, they are generally in a much better position
to make
Dear Manager,
How are you!
Very nice to learn that your esteemed company is in the botanical
extracts field. I am so glad to have this precious opportunity to
introduce Organic Herb Inc. to your reference.
Organic Herb Inc have been in this line for 8 years and developed 400+
standardized
Dear Manager,
How are you!
Very nice to learn that your esteemed company is in the botanical
extracts field. I am so glad to have this precious opportunity to
introduce Organic Herb Inc. to your reference.
Organic Herb Inc have been in this line for 8 years and developed 400+
standardized
Here's the Javascript advisories for Firefox 0.x and 1.x:
http://secunia.com/advisories/14820/
Here's the related Mozilla Suite 0.x - 1.7.x:
http://secunia.com/advisories/14821/
There is a test on the for this on the link pages.
Allen
___
I think if you're trying to address reused passwords harvested via
website compromise this is indeed effective.
I was thinking it could also be leveraged to work against domain
spoofing attacks as well and without a resilient UI it is not very
effective at this as an attacker (phisher) could
The unforgiveable sins this earth must confront and overcome are
Nationalism, capitalism, and hoarding. The idea of every nation
should be forgot, price should be struck from the commons, and
princes should be seen for the devils they are. The sins include
our church, secret societies,
The unforgiveable sins this earth must confront and overcome are
Nationalism, capitalism, and hoarding. The idea of every nation
should be forgot, price should be struck from the commons, and
princes should be seen for the devils they are. The sins include
our church, secret societies,
The issue I see is that the scheme relies on a trusted input mechanism
that is triggered by user action on a webpage.
Say I use this scheme to register at a website (ie create the initial
password at the site by having the browser generate an initial password
per the PwdHash scheme). Now when I
Gerv suggested I post this here for discussion - copied from bug 288693
When visiting 'secure' sites that use outdated encryption,
Firefox/Thunderbird should give a big ugly warning about the dangers
of submitting information to this site.
For reference: the latest Opera 8 beta does this and
Doug Wright wrote:
Gerv suggested I post this here for discussion - copied from bug 288693
When visiting 'secure' sites that use outdated encryption,
Firefox/Thunderbird should give a big ugly warning about the dangers
of submitting information to this site.
For reference: the latest Opera 8
Ian G wrote:
Hi Julien,
Julien Pierre wrote:
Ian,
Ian G wrote:
For encryption, just now I tried again, and I
may have figured out the problem: it requires
me to select a certificate, which wasn't
obvious the first time I went through the various
dialogues; it should just automatically select
the
Julien Pierre wrote:
Hmm, ok, well I suppose that's true as an assumption,
and looking at Account / Settings ... the cert that
is now selected to sign for this email address is
*not* for this email address. This may explain why
it didn't in the end sign for this email ;-)
File a bug on the UI -
Julien Pierre wrote:
Thus, for individual users' self-signed certs to work, everybody would
need to blindly trust everybody else's individual cert. I don't see how
you expect that to actually be workable.
I'd just consider it a step better than unprotected
email. It's what you get for free,
Duane wrote:
Ian G wrote:
Ah, ok, I recall this being mentioned a squillion
times. Now it happens to me :-/
So yea, now you know why it's important for mozilla guys to come up with
a database that can be shared between both apps...
Or that people would like to keep using the Mozilla Suite
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Ian G wrote:
| So now I have to figure out how to find a cert for
| this email address. Now given that it took like
| 10 minutes of clicking around by an expert in the
| CA's business to do with the one cert I've got, I'm
| not hopeful!
|
|
Tudo sobre hospedagem de sites , planos profissionais , economicos e
muitos outros , sua empresa na internet por apenas 2,99 ao mês!
http://www.hosting4u.com.br
hospedagem hospedagem hospedagem hospedagem hospedagem hospedagem hospedagem
hospedagem hospedagem hospedagem
J. Wren Hunt wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Ian G wrote:
| So now I have to figure out how to find a cert for
| this email address. Now given that it took like
| 10 minutes of clicking around by an expert in the
| CA's business to do with the one cert I've got, I'm
|
Had to share this one with everyone, you can get free petrol for a year at
this site:
http://freefuel.freestarthost.com/
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Perfect unused Penny Black here !
http://pennyblack.freestarthost.com/
Jane
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
You can't beat this horse!
http://racehorse.freestarthost.com/
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
J. Wren Hunt wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Ian G wrote:
|
| Right, but considering that this is *email*
| and CAs are simply some optional extra to do
| with commercial users (and we saw what they
| want) then when it comes to *email* there is
| no need to bash anyone's
Ferrari F430
0 - 62 mph in 4 seconds, Top speed 196 mph !
Need i say more ?
http://supercar.freestarthost.com/
Leanne
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Free ADSL for a year beat that for a cheapness lol
http://freeinternet.freefronthost.com/
Jenns.
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Can't beat this for a classic look at this absolute
beauty, my dad used to have one of these
http://rollsroyce.freestarthost.com/
Harriet
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
Ian G wrote:
Right, but considering that this is *email*
and CAs are simply some optional extra to do
with commercial users (and we saw what they
want) then when it comes to *email* there is
no need to bash anyone's head over any issue.
I see 2 primary benefits of including a CA in the
Fasted car in the world for defo !: http://porche.freestarthost.com/
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Anyone know how this media hub works ? i'd found this page that looks
intesting .http://mediahub.freestarthost.com/
Thanks Louise
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
This super handheld looks amazing, i'v foind this cool site all about
heres the url http://sonypsp.freestarthost.com/
Irene
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Anyone know how this media hub works ? i'd found this page that looks
intesting .http://mediahub.freestarthost.com/
Thanks Louise
___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Ian G wrote:
Ah, ok, I recall this being mentioned a squillion
times. Now it happens to me :-/
So yea, now you know why it's important for mozilla guys to come up with
a database that can be shared between both apps...
OK, so I manually installed the root from CACert
into TBird. And ...
CarlosRivera wrote:
I have heard that web sites are using screen size (width, height) and
depth to help track one. For example, they could make a fairly
reasonable guess that somebody with screen information of 640x480x256 or
1920x1280x32 is in a certain income category. They can also store
Financial Cryptography Update: Digitally-Signed Mail in e-Commerce - FC05
survey
March 25, 2005
http://www.financialcryptography.com/mt/archives/000414.html
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Ian G wrote:
|
|snip I recently installed a good cert into my Thunderbird and I
| still cannot send out signed or encrypted email using S/MIME (I forget
| why).
|
Are you being facetious here?
Wren
-BEGIN PGP SIGNATURE-
Version: GnuPG
J. Wren Hunt wrote:
Ian G wrote:
|
|snip I recently installed a good cert into my Thunderbird and I
| still cannot send out signed or encrypted email using S/MIME (I forget
| why).
|
Are you being facetious here?
Nope, I tried to get it going a couple of weeks
ago, and the interface has too many
Ian,
Ian G wrote:
For encryption, just now I tried again, and I
may have figured out the problem: it requires
me to select a certificate, which wasn't
obvious the first time I went through the various
dialogues; it should just automatically select
the one cert that is there (actually it should
Hi Julien,
Julien Pierre wrote:
Ian,
Ian G wrote:
For encryption, just now I tried again, and I
may have figured out the problem: it requires
me to select a certificate, which wasn't
obvious the first time I went through the various
dialogues; it should just automatically select
the one cert
Ian G wrote:
Hmm, ok, well I suppose that's true as an assumption,
and looking at Account / Settings ... the cert that
is now selected to sign for this email address is
*not* for this email address. This may explain why
it didn't in the end sign for this email ;-)
Well, I just tried it from the
Ian G wrote:
That would be a bug, if true. Even if one were not
aghast at the temerity of restricting signatures to
people with paid permission ... I would have thought
it blindingly obvious that the *verification* is where
the quality of the signature chain should be checked.
The entire
401 - 500 of 2214 matches
Mail list logo