On Mon, 2015-07-27 at 18:34 +0200, Trick, Daniel wrote: > Thanks for your reply, Bob! > > You said: > > When you need fine grain control, the application should use > > issuer/serial number to identify the cert (I think all the mozilla > > apps have gone to this now) > > Well, I agree that it /should/ use the issuer/serial number, which is > supposed to be unique (unlike the nickname). But I don't think that's > the case with the Mozilla apps right now. > > I'm using the latest Thunderbird (v38.1) and the certificate selection > box in the "S/MIME" section of the e-mail account configuration dialogue > shows the certificate's nickname /only./ > > And, even more important, if we look into the "prefs.js" file, where > Thunderbird actually stores which certificate is selected, we see that > it stores /only/ the certificate's nickname! > > (It's also the "prefs.js" file that we need to update in order to > configure the user's certificate in an automated way. And currently the > best we can do, AFAIK, is to write the nickname)
These days it probably ought to be using a RFC7512 PKCS#11 URI in a lot of cases. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
