Hi Andreas,

> > new certificates for some transit time in our Djigzo database. This
> > should be no problem for decrypting keys as all matching for a given
> > address will be tried I guess.

Yes that should be no problem. The gateway will search for any available private key which can be used to decrypt the message with.

> > address will be tried I guess. For signing the documentation says "if
> > there are multiple certificates suitable for signing, the first
> > certificate found will be selected". Is it possible to alter this to
> > something like the certificate with the longest validity will be
> > selected? I guess this would better fit most cases.

The way it currently works is that once a signing key has been selected, it will be used until the signing key (to be precise, the certificate associated with the private key) expires, is no longer valid, or when a new signing key is explicitly selected. Selecting a signing key for every new email might not always be the best choice because it won't allow you to explicitly select a different one than the selected one. Suppose you have a certificate which you must use for signing but have another one which should be used for decryption, and the encryption key's validity exceeds the validity of the signing key. In that case you want to make sure the explicitly selected signing key will always be used (at least until it expires).

> > selected? I guess this would better fit most cases.

You might be right. I can add an option so you can choose which private key select procedure you want to use. For example the following options:

NEVER_SELECT
SELECT_FIRST_TIME
SELECT_NEWEST
SELECT_LONGEST_VALID

Is it possible to add a JIRA entry for your request?

https://jira.djigzo.com/

Kind regards,

Martijn

On Thu, 2010-09-16 at 16:18 +0200, [email protected] wrote:
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.djigzo.com/lists/listinfo/users
>
> -------- Forwarded Message --------
> > From: [email protected]
> > To: [email protected]
> > Subject: [Djigzo users] Automatic certificate selection
> > Date: Thu, 16 Sep 2010 16:18:21 +0200
> >
> > Hello
> >
> > Our user certificates reach their first year this autumn and we
> > prepare for renewal of the certificates, which means we have old and
> > new certificates for some transit time in our Djigzo database. This
> > should be no problem for decrypting keys as all matching for a given
> > address will be tried I guess. For signing the documentation says "if
> > there are multiple certificates suitable for signing, the first
> > certificate found will be selected". Is it possible to alter this to
> > something like the certificate with the longest validity will be
> > selected? I guess this would better fit most cases.
> >
> > Regards
> >
> > Andreas
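
Added example (not part of the original thread, and not Djigzo code): a Python sketch of how the four option names proposed above could behave during a renewal overlap, including the case where a longer-lived certificate intended for decryption wins under SELECT_LONGEST_VALID. The meaning given to each option, the `Cert` fields, `select_signing_cert` and the sample certificates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum

class Policy(Enum):  # option names from the thread; semantics below are assumed
    NEVER_SELECT = 1
    SELECT_FIRST_TIME = 2
    SELECT_NEWEST = 3
    SELECT_LONGEST_VALID = 4

@dataclass(frozen=True)
class Cert:  # hypothetical, minimal view of a certificate
    name: str
    not_before: datetime
    not_after: datetime
    can_sign: bool = True

def select_signing_cert(store, current, policy, now):
    """Return the certificate to sign with, or None if nothing is usable."""
    usable = [c for c in store
              if c.can_sign and c.not_before <= now <= c.not_after]
    if policy is Policy.NEVER_SELECT:
        # Only an explicitly selected certificate is ever used.
        return current if current in usable else None
    if policy is Policy.SELECT_FIRST_TIME and current in usable:
        # Sticky: keep the current selection until it stops being valid.
        return current
    if not usable:
        return None
    if policy is Policy.SELECT_NEWEST:
        return max(usable, key=lambda c: c.not_before)
    if policy is Policy.SELECT_LONGEST_VALID:
        return max(usable, key=lambda c: c.not_after)
    return usable[0]  # SELECT_FIRST_TIME with no valid selection: first found

# Constructed sample data: a renewal overlap plus a longer-lived certificate
# that is meant for decryption but is technically able to sign.
OLD = Cert("old", datetime(2009, 10, 1), datetime(2010, 10, 1))
NEW = Cert("new", datetime(2010, 9, 15), datetime(2011, 9, 15))
DUAL = Cert("decrypt-intended", datetime(2010, 1, 1), datetime(2012, 1, 1))
STORE = [OLD, NEW, DUAL]
NOW = datetime(2010, 9, 20)      # during the overlap
LATER = datetime(2010, 10, 2)    # after OLD has expired

if __name__ == "__main__":
    for policy in Policy:
        picked = select_signing_cert(STORE, None, policy, NOW)
        print(policy.name, "->", picked.name if picked else None)
```
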
