
en - [sympa-users] more questions and answers for S/MIME

Subject: The mailing list for listmasters using Sympa

  • From: Adam Bernstein <address@concealed>
  • To: "address@concealed" <address@concealed>
  • Subject: [sympa-users] more questions and answers for S/MIME
  • Date: Tue, 10 Jun 2008 17:08:19 -0700

So now I'm curious, is there anybody else out there using S/MIME with Sympa? Or are we on the bleeding edge? Because unless I'm very much mistaken, you would have had to overcome the same problems we've been dealing with, and I'd love to confirm our solutions or find new ones.

Now for some more questions and tips:

1. Is the welcome message for a list with an installed certificate always supposed to be signed? I've found that if the subscription was completed via email (i.e. by the subscriber), the welcome message is signed, but if the subscriber was added by the administrator via WWSympa, the welcome message is not signed. Could that possibly be because we're using HTTP and not SSL for the Web connection -- does Sympa relate the use of X.509 email certs to the use of SSL for Web?

2. Has anyone successfully added a signing cert from a new CA to the ca-bundle.crt file that comes with Sympa? We've been successful using CAs that are already listed there (Thawte), but we haven't been able to get it working with a new CA (Comodo) even though we've put their certificate in what seems to be the right format in a modified ca-bundle.crt file. We could use some help figuring out why.

3. On distributing list certificates to subscribers: As previously mentioned, using the Load Certificate link on the list's Web page does not work for anyone but the creator of the certificate, who won't need it. The problem is that the cert will be loaded by the subscriber's browser into the "Other people's certs" section, and there is no button to export/backup certs from there (at least in Firefox), so they can't export it to their email client.

But this feature is actually unnecessary because the list will sign various messages to subscribers once it's configured, including the "an encrypted message has been sent to the list but we don't yet have your certificate" notice. These signed messages will get the list cert directly into the subscriber's email client soon enough, although they may miss seeing one encrypted message first. It would be even better if the welcome message was always signed, because then we could rely on that happening for everyone at the beginning.

4. In the current Sympa you will have to customize your request_auth.tt2 template in order to fix a problem with replies to subscription confirmation requests going to the list owners instead of back to Sympa, when a list cert is installed. This bug is reported and discussed here:

https://sourcesup.cru.fr/tracker/index.php?func=detail&aid=4157&group_id=23&atid=167

5. I have more, but this is already way too long. :)

adam
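
Added example, not part of the original message and not Sympa code: one way to check, outside Sympa, whether a modified ca-bundle.crt (item 2) parses as PEM and validates a certificate issued by the newly added CA. It assumes the `openssl` command-line tool is installed; the demo CAs, the list address and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every name, subject and file below is constructed for the demo.

# Count the certificates openssl can actually parse out of a PEM bundle.
# A certificate pasted in the wrong format (e.g. DER) is not counted.
bundle_count() {
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null | grep -c '^subject'
}

# Return 0 if the certificate ($1) chains to a CA present in the bundle ($2).
bundle_trusts() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Build a throwaway "new" CA, a list certificate signed by it, and a
# stand-in bundle that initially holds only an unrelated self-signed CA.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo New CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=list@example.org" \
        -keyout "$d/list.key" -out "$d/list.csr" 2>/dev/null
    openssl x509 -req -in "$d/list.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/list.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Old CA" \
        -keyout "$d/old.key" -out "$d/ca-bundle.crt" 2>/dev/null
}

# Demo run: verification fails until the issuing CA is appended to the bundle.
demo=$(mktemp -d) && make_demo "$demo"
bundle_trusts "$demo/list.pem" "$demo/ca-bundle.crt" ||
    echo "before: list certificate does not verify against the bundle"
cat "$demo/ca.pem" >> "$demo/ca-bundle.crt"
bundle_trusts "$demo/list.pem" "$demo/ca-bundle.crt" &&
    echo "after: verifies; $(bundle_count "$demo/ca-bundle.crt") certificates parsed"
rm -rf "$demo"
```

If `bundle_count` does not go up by one after the new CA is appended, the appended block is not being read as a PEM certificate.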


