Hi List, I've recently written about a windows firefox hardware token problem (see list) and didn't get a solution before the discussion drifted off into universalities. Problem not solved, customer unhappy and us too. Now I've struggled with S/Mime in Thunderbird (2 and 3b2). A colleague sends an email (from outlook) with a p7s mime attachment (Thawtee free email cert). I can see in thunderbird that the email is signed and when I click on the sealed envelope icon it tells me that the cert is fine and such but don't see his cert in the cert-store. Not under Win and Linux. On Windows I can import the cert file into the windows cert store and there it looks fine. I assume that other people can utilize his cert (with outlook probably) because he uses it for some time already. So - what gives thunderbird? If I try to move to gpg/enigmail I'm stuck with thunderbird 2 since enigmail hasn't been updated since 2008 and doesn't support the 3b2 - at least the installation xpi says so. How about integrating such security relevant parts directly into thunderbird? And before someone asks "why don't you implement it": IMHO someone with real knowledge should be employed by mozilla fulltime - or what does mozilla do with the (IIRC) 20 Mio$ it got from google for the firefox google search site?
That's why I think that big parts of security suck in "mozilla". Regards Udo Puetz -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
