Nelson B Bolyard wrote:
> On 2010-02-18 03:06 PST, Michael Ströder wrote:
>
>> I'm using Seamonkey 2.0.3 under Linux. Is there a way to list and tweak the
>> cached S/MIME capabilities for certain recipients?
>
> There is no way to list them, at present. There could be. It just doesn't
> exist. As for "tweaking" them, they get tweaked each time you receive a new
> signed email message from your correspondent. If your correspondent gets
> new capabilities, and sends you a new signed email message, that message
> should bear his new capabilities, and when you read it, your DB's record of
> that correspondent's capabilities should be updated.

Glad that the capabilities get automatically updated.

> Mozilla email (whether SeaMonkey or Thunderbird) will use the strongest
> ciphers mutually supported, so there should be no need to tweak anything
> manually.

Still I'd like to see the possibility to
1. see the cipher used for an S/MIME message (similar to what's displayed for SSL)
2. explicitly exclude ciphers from the S/MIME capabilities my own MUA sends.

> The design of S/MIME caps is intended to have the effect that you NEVER send
> an encrypted message to a correspondent without evidence that the
> correspondent will be able to decrypt it. This largely avoids the problem
> of sending an encrypted message to a correspondent that he cannot decrypt.

Well, but my local security policy could be to prefer to avoid sending a
message with a weak cipher.

> In all the years that Mozilla email products have supported encrypted email,
> we've had VERY few complaints of that nature (I couldn't decrypt the email
> someone sent me), and in those few cases where we did, it was because
> users had multiple installations (usually on multiple systems) of their
> email software, but only had their private key on one of the systems.
> Problems of receiving an email that was encrypted with an algorithm
> unsupported by the recipient have been non-existent, just as it should be.

Yes, that's also my experience. But sometimes I'd prefer to have a stricter
local config excluding weak ciphers, risking that the message receivers cannot
decrypt it.

Ciao, Michael.

--
Michael Ströder
E-Mail: mich...@stroeder.com
http://www.stroeder.com
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
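
The two selection rules discussed in this message, side by side, as an added example that is not part of the original thread and is not Mozilla/NSS code: "strongest mutually supported" versus the same choice constrained by a local policy that refuses weak ciphers. The `Cap` type, the strength ranking, the function names and the sample capability lists are assumptions constructed for illustration.

```python
from typing import NamedTuple, Sequence

class Cap(NamedTuple):
    name: str
    oid: str       # algorithm OID as advertised in the SMIMECapabilities attribute
    strength: int  # effective strength in bits; the ranking value is an assumption

AES256 = Cap("AES-256-CBC", "2.16.840.1.101.3.4.1.42", 256)
AES128 = Cap("AES-128-CBC", "2.16.840.1.101.3.4.1.2", 128)
DES3 = Cap("DES-EDE3-CBC", "1.2.840.113549.3.7", 112)
RC2_40 = Cap("RC2-CBC (40-bit)", "1.2.840.113549.3.2", 40)

# What the (hypothetical) sending MUA can encrypt with.
LOCAL_SUPPORTED = (AES256, AES128, DES3, RC2_40)

class NoMutualCipher(Exception):
    """No evidence that the recipient can decrypt anything we can produce."""

class WeakCipherRefused(Exception):
    """A mutual cipher exists, but local policy forbids every candidate."""

def strongest_mutual(recipient_caps: Sequence[Cap]) -> Cap:
    """Default behaviour described in the thread: strongest shared cipher."""
    mutual = [c for c in recipient_caps if c in LOCAL_SUPPORTED]
    if not mutual:
        raise NoMutualCipher("recipient advertises no cipher we support")
    return max(mutual, key=lambda c: c.strength)

def choose_with_policy(recipient_caps: Sequence[Cap], min_strength: int = 0,
                       denied_oids: frozenset = frozenset()) -> Cap:
    """Stricter local policy: same choice, but never below the local floor."""
    allowed = [c for c in recipient_caps
               if c in LOCAL_SUPPORTED
               and c.strength >= min_strength
               and c.oid not in denied_oids]
    if not allowed:
        weak = strongest_mutual(recipient_caps)  # NoMutualCipher if nothing is shared
        raise WeakCipherRefused(f"policy rejects {weak.name}, the best mutual cipher")
    return max(allowed, key=lambda c: c.strength)

if __name__ == "__main__":
    old_client = [RC2_40, DES3]  # constructed capability list of a legacy recipient
    print("default choice:", strongest_mutual(old_client).name)
    try:
        choose_with_policy(old_client, min_strength=128)
    except WeakCipherRefused as exc:
        print("strict policy:", exc)
```

With the strict policy the sender gets an explicit refusal instead of a silent downgrade, which is the trade-off described above: the message may not go out encrypted at all.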