On 2011/03/22 02:23 PDT, silent...@gmail.com wrote:
> Well, the reasons are at least obvious to us :) - the card is supposed
> to be in use for at least 5 years. Card owners (Health Care Providers in
> our case) should be able to use various email providers for exchanging
> medical reports. 

Nothing says that the certificate(s) on those cards cannot be replaced or
augmented during the lifetime of the card.

> I think, being able to support encryption or having an option
> that enables or disables verification of email addresses in
> certificates would make sense.

Nothing "verifies email addresses" in certificates when sending out an
email.

The encryption certs are stored in a database, indexed by an email address.
When email is sent, Thunderbird finds the encryption cert by looking in
the database for the cert whose index is the email address.  AFAIK, no
check is made that the cert taken from the DB has an email address in it.

The issue is not what happens when the email is sent.  The issue is how
the email address used for the index is determined at the time the cert
is added to the DB.

Nothing requires that the email address used as the index must be in the
certificate.  It's just that Thunderbird uses the email address in the
certificate as the index value when adding a received encryption cert to the
DB.  There are other tools, other ways of adding certs to the DB, but
Thunderbird only offers one method, AFAIK.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
