
List:       kmail-devel
Subject:    [Aegypten] Bogus messages about certificates?
From:       Ingo Klöcker <kloecker@kde.org>
Date:       2002-09-28 10:45:46

Hi,

while checking the Aegypten stuff in KMail I noticed a few strange 
messages and other stuff.

In KMail the user gets the following message when the key/certificate he
wants to use for signing a message expires soon:
====
txt1 = i18n( "The certificate you want to use for signing expires in %1 "
             "days.<br>This means that after this period, the recipients will "
             "not be able to check your signature any longer." ).arg( sigDaysLeft );
====

Huh? Isn't this completely wrong?

Of course, the signature on a message which was signed with a
certificate that had already expired by the time the message was signed
will be invalid.

But the signature on a message which was signed with a certificate that
had not expired by the time the message was signed will always be valid
(as long as the certificate isn't revoked).

Am I missing anything? Is this different in S/MIME or Sphinx?


Another strange message is this one:
====
i18n( "<qt>The certificate does not contain your sender email "
      "address.<br>This means that it is not possible for the recipients to "
      "check whether the email really came from you.<br>Do you still want to "
      "use this certificate?</qt>" ),
====

Is it also a Sphinx requirement that the certificate has to contain 
the email address of the sender?

To check whether an email message really came from the sender one simply 
checks the signature. The address in the From: header is completely 
irrelevant. Of course, it might be worthwhile to warn the recipient 
when the sender's address isn't contained in the signing certificate. 
But this certainly doesn't make the signature invalid.


Furthermore, when I use the PGP/MIME plugin I get all available 
warnings:

First I'm told that the certificate I want to use for signing expired 
11958 days ago, which is bullshit since my OpenPGP key doesn't expire at 
all.

Then I'm told that the root certificate I want to use for signing 
expires in 10 days. Huh? In OpenPGP there is no root certificate.

Then I'm told that the CA certificate I want to use for signing expires 
in 10 days. Huh? In OpenPGP there is also no CA certificate.

Last but not least, I'm told that the certificate doesn't contain my 
email address which is also wrong. This could be a problem with the 
non-ASCII character in my user id.

FYI, here is my "certificate":
pub:u:1024:17:1A747E4530E0B9D8:971730462:::u:::scESC:
uid:u::::::::Ingo Klöcker <ingo.kloecker@epost.de>:
uid:u::::::::Ingo H. Klöcker <ingo.kloecker@web.de>:
uid:u::::::::Ingo H. Klöcker <ingo.kloecker@arcormail.de>:
uid:u::::::::Ingo H. Klöcker <ingo.kloecker@matha.rwth-aachen.de>:
uid:u::::::::Ingo Klöcker <kloecker@kde.org>:
sub:u:2048:16:30CFDDC732319538:971730489::::::e:

BTW, do we really have to call it certificate? In the OpenPGP world this 
is usually called key instead of certificate.

Regards,
Ingo


_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
