Ian G wrote, On 2008-12-04 22:58: > (I discovered some other oddities about S/MIME recently: revocation > seems to be incongruent with key distribution. I can distribute a new > cert only in an S/MIME signed email, but I can't distro any updates to > my key situation. When I lose a key, all the old encrypted email is no > longer readable
Well, of course, without the private key, you cannot decrypt. > ... which presumably happens when revocation happens as well. As long as you have the private key, you can decrypt. Why would you presume otherwise? > I wonder if it denies the signatures as well? Does this mean > digital signing just disappeared because of a key compromise?) Revocation information includes a revocation date. After a cert has been revoked, the validity of signatures involves determining if they were made before or after the revocation date. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
