[email protected] wrote:
>
> This seems to be true unfortunately. Some sources on the net even say
> that timestamps are not (yet) supported in S/MIME but maybe it is more
> the lack of support from the mail clients because RFC 3161 defines it as
> x509 extension so S/MIME should be no problem as far as I can see.

S/MIME uses CMS for digital signatures etc. The timestamp will be stored inside the CMS structure so it should be possible. What I think they mean with not yet supported is that it's not yet an official S/MIME spec.

> How is the problem with expired signatures supposed to be solved
> otherwise? If I change the system date all the formerly valid signatures
> in the inbox are treated as invalid signed and a warning is displayed.
> Not how it is supposed to work I think...

In principle it is possible to see why the signature failed (failed because the certificate expired or because the message has been tampered with). The only real way to solve this is by using a trusted timestamp like you suggested. It would however be nice if the email clients would allow the signature to be validated against the date it was signed.

> Any other methods available to get around the problem of "ageing" client
> signatures??

That depends on the problem you want to solve. Do you want to check whether it was signed correctly in case of a dispute? For example some sender denies it has sent a message some time ago. Now you need to prove the message was actually sent. Or, do you want to allow all recipients to check the signature after some time? It is possible to create a simple program that allows you to set the date at which the signature should be checked. This however doesn't work directly from Outlook or Thunderbird.

Kind regards,

Martijn

--
Djigzo open source email encryption
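
An added example (not from the original message or from the Djigzo project) of the "simple program" idea above: a shell wrapper around OpenSSL's `-attime` verification option that checks an S/MIME signature as of a chosen date and reports whether a failure comes from certificate validity or from a changed message. The key, certificate, message, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: check an S/MIME signature as of a chosen date with OpenSSL.
# Every key, certificate, message and file name here is constructed.

# verify_at EPOCH CA_FILE SIGNED_MSG
# Succeeds only if signature and certificate chain are valid at EPOCH.
verify_at() {
    openssl smime -verify -attime "$1" -CAfile "$2" -in "$3" \
        -out /dev/null 2>/dev/null
}

# classify EPOCH CA_FILE SIGNED_MSG
# Prints why verification passed or failed at EPOCH.
classify() {
    if verify_at "$1" "$2" "$3"; then
        echo valid
    # -noverify skips the certificate checks, leaving only the
    # signature over the message content.
    elif openssl smime -verify -noverify -in "$3" \
        -out /dev/null 2>/dev/null; then
        echo cert-not-valid-at-date
    else
        echo tampered-or-bad-signature
    fi
}

# demo: sign with a 1-day self-signed certificate, then check the message
# now, 30 days from now, and after changing the signed text.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Sender" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    printf 'constructed test message\n' > "$d/msg.txt"
    openssl smime -sign -text -in "$d/msg.txt" -signer "$d/cert.pem" \
        -inkey "$d/key.pem" -out "$d/signed.eml" 2>/dev/null || return 1
    sed 's/constructed test/altered test/' "$d/signed.eml" > "$d/tampered.eml"
    now=$(date +%s)
    later=$((now + 30 * 24 * 3600))
    r1=$(classify "$now" "$d/cert.pem" "$d/signed.eml")
    r2=$(classify "$later" "$d/cert.pem" "$d/signed.eml")
    r3=$(classify "$now" "$d/cert.pem" "$d/tampered.eml")
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo
```

The date passed to `-attime` is only as trustworthy as its source; as the reply says, a trusted timestamp is what actually establishes when the message was signed.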
