W3C home > Mailing lists > Public > public-rww@w3.org > October 2012

Re: Getting Serious about WebID Bootstrap

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Mon, 01 Oct 2012 12:57:42 +0100
Message-ID: <50698536.7080600@kent.ac.uk>
To: Kingsley Idehen <kidehen@openlinksw.com>
CC: Melvin Carvalho <melvincarvalho@gmail.com>, nathan@webr3.org, "public-rww@w3.org" <public-rww@w3.org>, WebID XG <public-xg-webid@w3.org>
Kingsley

the problem I have is that the signer's self signed certificate is not 
available to me. Your S/MIME cert did not include the issuer's cert in 
the certificate chain, so where do I get it from? Without this root cert 
I am not able to validate your cert. When sending signed email, isnt it 
possible to include the full cert path?

Or is that your email client is sending it, but Thunderbird is hiding it 
from me?

regards

David


On 30/09/2012 18:11, Kingsley Idehen wrote:
> On 9/30/12 7:05 AM, Melvin Carvalho wrote:
>>>> >>
>>> >Why? what do I gain from doing this - consider me a naive outsider
>>> >
>>> >
>> Essentially this links your email to your WebID / Social Graph in a,
>> standards compliant, machine readable way.
>>
>> I've imported my cert into thunderbird and imported the root node as a CA
>> but I get
>>
>> "Sending of message failed.
>> Unable to sign message. Please check that the certificates specified in
>> Mail & Newsgroups Account Settings for this mail account are valid and
>> trusted"
>>
>> http://kb.mozillazine.org/Message_security
>>
>> Verify whether all parent nodes of the certificate are in your list of
>> trusted CAs, and whether they can be used to identify mail users
>>
>> Looks I've done this but it still throws an error.  I've had bugs in
>> thunderbird before wrt security.  Not sure on this one ...
>>
>
> You have to ensure the the following:
>
> 1. signer certificate is imported via "Authorities" tab
> 2. personal certificates (signed using the signer cert.) are imported
> into "Your Certificates" tab
> 3. email address in the certificate matches the email address of the
> Thunderbird account being configured.
>
> You can also read:
>
> 1. http://bit.ly/NrzHNY -- using Thunderbird to send digitally signed
> email .
>
Received on Monday, 1 October 2012 11:58:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 1 October 2012 11:58:15 GMT