Protect email with digital certificates
Authored by: AveryTimm on Jun 24, '06 12:27:29PM

I have used a Thawte cert with Apple Mail for about a year, but lately have had all kinds of problems. It basically seems to be a Windows UI problem. People get a dialog that looks like a security 'warning' when a message with a cert arrives. It gives them the option to not open the message, which many times they do and then they don't get the message. I have had people say that they can't open the message and some that say they can't reply to the message. I have tried to get my name attached to the certificate through the web-of-trust but haven't been able to get ahold of any of the people listed in my area. I read somewhere recently that the Thawte certificates are good for a year and then you need to get a new cert, which everyone needs to have updated before it will work.

The Thawte-style CA method is the best...it doesn't require any proprietary plug-ins on either end. But it won't work for mail clients that have bad interfaces, and it won't work for webmail.

Two things I would like to see... If Apple Mail included (or someone made) a pref pane that would list everyone in your address book with 2 columns... 1 for "Send with Cert", and another for "Encrypt" which would be available if their cert was in my keychain. Some people I always want to send a certificate to, some people I never want to. If I know someone is using Yahoo! Mail...there is no point in sending a certificate...it's going to show up as an attachment, and I know that they are the type who are not going to DL it and check it.

Another thing would be for Google to become a certificate authority for their Gmail system, issuing certificates for Gmail users. They wouldn't need to go all out and offer the other services that Thawte offers, just a free certificate to go along with Gmail. That way they could also make it work within Gmail, and of course make the private key downloadable so I could add it to my keychain and use it with Mail. Otherwise the only way to make a cert work with a webmail system would be to hand over your private key to the webmail place...if Gmail was the CA they would already have it.

For the moment I have turned off the cert, and will not turn it on again unless needed.


