Developers of Sympa

[christian mock <address@concealed>]

On Tue, Dec 17, 2002 at 05:06:53PM +0100, Aumont - Comite Reseaux des 
Universites wrote:

> I beleive that's all. Please could you test it and report ?

Actually, I'll be doing a lot more -- we have a need to support distinct
signing and encryption certificates (as required by the local digital
signature law), so both for the lists and for the subscribers, I'll augment
the cert handling to support this.

Another issue is that when you change list certificates (because they
expire), the problem is to get the new certificates to all subscribers
(or rather, senders) at the same time -- I'll change sympa to support
a "current" set of certs/keys plus an amount of "past" certs/keys, so
when an encrypted mail comes in, it first tries to decrypt with the 
current key, and with all "past" keys afterwards. This means you can get
a new certificate a month in advance, and run both in parallel for this
time so your subscribers don't all have to switch at the very same 
moment.

The last issue is that with some versions of outlook, there's no indication
in the MIME headers whether the application/x-pkcs7-mime part is signed, 
encrypted or both; despite the S/MIME RFC saying you "SHOULD" make this
distinguishable, we have to support outlook, so I'll have to find a
solution to this problem, too.

Feedback from people using sympa with S/MIME would be very appreciated.

regards,

cm.

-- 
Christian Mock                          Wiedner Hauptstrasse 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273