- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 14 Nov 2012 16:15:06 -0500
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: public-xg-webid@w3.org, public-webid <public-webid@w3.org>
- Message-ID: <50A409DA.1010204@openlinksw.com>
On 11/14/12 3:34 AM, Melvin Carvalho wrote: > > OK, I've managed to create a special cert for email only with the same > key. > > What should be the EXACT SAN for signing email? > > I have: > > URI: http://melvincarvalho.com/#me, mailto:melvincarvalho@gmail.com > <mailto:melvincarvalho@gmail.com> > > But it's still not working yet ... Why don't you just go to: http://id.myopenlink.net/certgen and do the following: 1. generate a certificate 2. see that you can use it send send signed emails. If you get to that point, compare the certificate produced by the service with the one you are trying to generate by hand. That's a shortcut to closing this matter. Note the following re. email clients: 1. they will check to see that the email address imprinted in the cert matches what you use when you send mail -- i.e., they will check the email account setup 2. they will repeat the check above on receipt of mail -- i.e., that the email address imprinted in the cert. matches that of the sender 3. on receipt of mail they will also attempt to verify the issuers signature using the issuers public key -- this is where the local CA trust chain comes into play . All of the above provides protection before we then consider following a WebID in SAN. S/MIME is a solid protocol only compromised by the CA network and the tedium associated with certificate generation. Like most existing pre. Web protocols, it is ultimately a powerful WebID compliment. -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 14 November 2012 21:15:30 UTC