The mailing list for listmasters using Sympa

[address@concealed]

Janusz S. Bien' wrote:
> On Mon, 03 Sep 2007  address@concealed wrote:
>
> [...]
>
>   
> > Sympa should accept S/MIME signed message as authenticated message
> > (ie without email chalenge) if the signature is recognized as
> > valid. The signature is valid if the message was not modified and if
> > the reciepient trust the signer certificate. The recipient trust a
> > certificate if is known for that or if is issued by an authority
> > which is trusted. The list of trusted certificate authority is a
> > parameter of sympa.conf.
> >     
>
> Thank you very much for your answer.
>
> As I use the self-signed certificate, I've converted my certificate
> from PEM to ca-bundle format with a script found with Google at
>
>        http://www.patandkat.com/pat/weblog/archives/computers/
>
> Then I appended the result to /usr/share/sympa/ca-bundle.crt (ca parameter
> in /etc/sympa/sympa.conf) and now my signed messages are accepted
> without md5 confirmation.
>
> So it works, but have I done it in the optimal way?
Huuum... You probably need to read a lot of documentation about PKI. PKI 
is the way to manage many certificates all around during their lifetime. 
Selfsigned certificate can help but using them will create a lot 
problems that PKI try to solve.

This is outside the scoop of Sympa itself but concern cryptology and PKI.

Serge Aumont