>>>> One reason why I asked you about a text-formatted view of the certificate is that we can see if the X.509 extensions are right. Potentially, this is a reason for Thunderbird not to see the certificate. Do you know an idea about that? <<<<
Yes, I read the original “shy” post about the X.509 critical extensions, but had basically the same set of fields. The actual details from Microsoft Cert Manager are: X.509 Version 1 field: Version, Serial number, Signature algorithm, Issuer, Valid from, Valid to, Subject, Public key. X.509 Version 3 non-critical extension: Authority Key Identifier, Subject Key Identifier, Enhanced Key Usage, Netscape Cert Type, Certificate Policies, CRL Distribution Points, Authority Information Access, Subject Alternative Name. X.509 Version 3 critical extension: Key Usage, Basic Constraints. Other properties: Thumbprint algorithm, Thumbprint, Friendly name, Description. Note -- It did not originally have a Friendly name, so I added one (did not have any effect). I can provide details of any fields if you want. >>>> http://www.infineon.com/cgi-bin/ifx/portal/ep/channelView.do?channelId=-84648&channelPage=%2Fep%2Fchannel%2FproductOverview.jsp&pageTypeId=17099 This page provides a list of applications that support Infineon TPM Professional through the MS-CAPI or the PKCS#11 interfaces. Do you know that Microsoft Outlook uses PKCS#11 to interface with the TPM? If all of these cited applications use MS-CAPI, the fault might possibly be in Infineon's PKCS#11 implementation, too. <<<< I am not sure how I would check, although the only clue I can think of is that I didn't need to do anything in order to get the certificate to appear in Outlook (or MS Cert Mgr) -- it's just there. (With TB and the PKCS#11 module I had to enter the DLL name). I don't know if it configured itself on install, MS can find it without config, or if maybe it is using MS-CAPI which doesn't need to the DLL config. What about Netscape 4.79 / 7.2? Would they use MS-CAPI, or would have they been tested with PKCS#11? - Sly ________________________________________ From: Peter Djalaliev [mailto:[EMAIL PROTECTED] Sent: Monday, 2 April 2007 13:34 To: Stephen Gryphon Subject: Re: Email certificate from TPM does not show up in Thunderbird (or My shy certificate revisited) Hey Stephen, I thought about it some when I read your original post on mozilla.dev.tech.crypto and I see no reason why the key wouldn't show up. One reason why I asked you about a text-formatted view of the certificate is that we can see if the X.509 extensions are right. Potentially, this is a reason for Thunderbird not to see the certificate. Do you know an idea about that? Peter _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
