[email protected] wrote:
> The whole point is: We teach the users to obey valid signatures as
> additional safety/assurance. But if the user has a look at the mails in
> the inbox after some time, many or all of the signed messages pop up
> with "invalid signature" warnings. This may be logical for technical
> people, but end-users are scared by such unexpected warnings they don't
> understand. So if we like to get digital signatures and encryption to be
> used, they must be user-proof as far as possible. Timestamping when
> signing would be one piece in the puzzle to prevent unexpected/confusing
> warnings.

The problem with most S/MIME clients is that they only allow strict PKI usage. It would be better to be pragmatic and explain more than just giving errors.

The best advice I can give you is to use certificates that are valid for much longer than 1 year. There is not really a good reason to make a certificate only valid for 1 year (PGP keys for example never expire). Creating certificates and handing out certificates to recipients is always a pain, especially if this has to be repeated every year.

The problem however is that almost all commercial certificate issuers only create certificates which are valid for 1 year. Even CACert certificates are only valid for 1 year. I will see whether I can convince them to make certificates valid for longer than 1 year (at least 5 years).

Kind regards,

Martijn Brinkers

--
Djigzo open source email encryption
