Quoting Martijn Brinkers <[email protected]>:

> [email protected] wrote:
>> This seems to be true unfortunately. Some sources on the net even say that timestamps are not (yet) supported in S/MIME but maybe it is more the lack of support from the mail clients because RFC 3161 defines it as an x509 extension so S/MIME should be no problem as far as I can see.
>
> S/MIME uses CMS for digital signatures etc. The timestamp will be stored inside the CMS structure so it should be possible. What I think they mean with not yet supported is that it's not yet an official S/MIME spec.
>
>> How is the problem with expired signatures supposed to be solved otherwise? If I change the system date all the formerly valid signatures in the inbox are treated as invalidly signed and a warning is displayed. Not how it is supposed to work I think...
>
> In principle it is possible to see why the signature failed (failed because the certificate expired or because the message has been tampered with). The only real way to solve this is by using a trusted timestamp like you suggested. It would however be nice if the email clients would allow the signature to be validated against the date it was signed.
>
>> Any other methods available to get around the problem of "ageing" client signatures??
>
> That depends on the problem you want to solve. Do you want to check whether it was signed correctly in case of a dispute? For example some sender denies it has sent a message some time ago. Now you need to prove the message was actually sent. Or, do you want to allow all recipients to check the signature after some time? It is possible to create a simple program that allows you to set the date at which the signature should be checked. This however doesn't work directly from Outlook or Thunderbird.
The whole point is: We teach the users to obey valid signatures as additional safety/assurance. But if the users have a look at the mails in the inbox after some time, many or all of the signed messages pop up with "invalid signature" warnings. This may be logical for technical people, but end-users are scared by such unexpected warnings they don't understand. So if we would like to get digital signatures and encryption to be used, they must be user-proof as far as possible. Timestamping when signing would be one piece in the puzzle to prevent unexpected/confusing warnings.
Regards Andreas
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
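
Added example, not part of the thread or of Djigzo: one way to check a CMS (S/MIME) signature against a chosen date with the OpenSSL command line, and to tell "certificate expired" apart from "message modified", as discussed above. The file names, the subject and the 1-day certificate lifetime are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify a detached CMS signature at a chosen date.
# All names, paths and lifetimes below are constructed for this demo.
WORK=$(mktemp -d)

setup() {
    # Self-signed signer certificate valid for 1 day (stands in for a sender's cert).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Sender" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
    printf 'Signed demo message\n' > "$WORK/msg.txt"
    cp "$WORK/msg.txt" "$WORK/tampered.txt"
    printf 'extra line\n' >> "$WORK/tampered.txt"
    # Detached CMS signature, the structure a mail carries as smime.p7s.
    openssl cms -sign -binary -in "$WORK/msg.txt" -signer "$WORK/cert.pem" \
        -inkey "$WORK/key.pem" -outform PEM -out "$WORK/sig.pem" 2>/dev/null
}

# Integrity only: does the signature match this content? -noverify skips the
# certificate checks, so an expired certificate cannot cause a failure here.
content_intact() {
    openssl cms -verify -binary -noverify -inform PEM -in "$WORK/sig.pem" \
        -content "$1" -out /dev/null 2>/dev/null
}

# Full check, with the certificate validated at epoch time $2 instead of now.
valid_at() {
    openssl cms -verify -binary -inform PEM -in "$WORK/sig.pem" -content "$1" \
        -CAfile "$WORK/cert.pem" -attime "$2" -out /dev/null 2>/dev/null
}

# Separate the two failure reasons for file $1 checked at epoch time $2.
report() {
    if ! content_intact "$1"; then echo "tampered"
    elif valid_at "$1" "$2"; then echo "valid"
    else echo "certificate check failed at that date"; fi
}

setup
NOW=$(date +%s)
AT_SIGNING=$((NOW + 60))        # shortly after signing, inside the validity period
LATER=$((NOW + 30 * 86400))     # a month later, after the certificate expired
echo "at signing time:  $(report "$WORK/msg.txt" "$AT_SIGNING")"
echo "a month later:    $(report "$WORK/msg.txt" "$LATER")"
echo "modified message: $(report "$WORK/tampered.txt" "$AT_SIGNING")"
```

The date given to -attime is picked by whoever runs the check, so this only shows that the signature was valid at that date; it does not prove when the message was signed, which is what the trusted timestamp mentioned in the thread would add.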
