ietf-smime

Re: S-MIME key length

1999-10-27 19:35:11
BJUENEMAN(_at_)novell(_dot_)com wrote:

And your signed message causes GroupWise to say, effectively, that
"dennis(_dot_)glatting(_at_)plaintalk(_dot_)bellevue(_dot_)wa(_dot_)us" is not the same person
as the "dennis(_dot_)glatting(_at_)software-munitions(_dot_)com" that was issued a
VeriSign certificate.


Damn. I thought I changed my cert. Obviously I did not. I will fix
that.


But did Communicator complain because you haven't added the
Novell root certificate to your cache of trusted roots, or because your
incoming mail processor modified the contents somehow, or was
there some other kind of problem?


I did not add a Novell root cert. However, NS says there is a "NOVELL
EMPLOYEE CA - NOVELL_INC" and another Novell cert loaded. When I read
your messages I notice your cert listed in "Other People's
Certificates." I can add that cert but I don't think that is your
point, is it?

It's possible my mail tool modified the input. I am working on my mail
environment, turning off my NeXTSTEP machines, using different mail
tools, adding TLS to secure IMAP transport -- generally having fun. 

When I click on the Invalid Signature icon associated with your
messages NS displays:

        The Certificate that was used to digitally 
        sign this message is invalid.

        The error was: The certificate issuer for 
        this server has been marked as not trusted 
        by the user. Netscape refuses to connect 
        to this server.

(I did?)

        This message included the Security 
        Certificate for BJueneman. To check the 
        Certificate or edit Certificate Trust 
        Information, press the ``View/Edit'' button. 

        This Certificate has automatically been 
        added to your list of People's Certificates 
        to make it possible for you to send secure 
        mail to this person.

What do you suggest I do?


And BTW, has anyone noticed the irony of having these kinds of problems
on this list? Maybe we should all start eating our own dog food, and
actually use the stuff we're building, on this list in particular?


Sure. I'm game. Though I have done much reading on PK standards and
read various other books over the years I haven't really used the
technologies, mostly due to stupid vendor implementations (my favorite
is buying a "recently released" package in May of 1999 that wasn't Y2K
compliant and required me to downgrade the NT server to a non-Y2K
version), compatibility issues, implementation issues, licensing
issues, etc. So, since I am between projects and have time on my
hands, to use your own words, I'm eating my own dog food. :)


This is signed with a 1024 bit key, using the same root certificate, 
which however uses a 2048 bit key.


Let's resolve this issue off-line.
