Closed
Bug 590915
Opened 14 years ago
Closed 14 years ago
Provide recognized certs for signing email
Categories
(Mozilla Messaging Graveyard :: Office, defect)
Mozilla Messaging Graveyard
Office
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Usul, Unassigned)
Details
The currents certs that we have are self-signed by a Momo authority. The public cert for that authority is not provided by default in the mozilla cert store. So when we sign emails with our certs they are not fully recognized on the recipient side unless they have our public root certificate in their store.
Could we get certificate signed by a Root ca that is present in Mozilla's default cert store ?
filed in office, but could also be in security.
Comment 1•14 years ago
|
||
(In reply to comment #0)
> The currents certs that we have are self-signed by a Momo authority. The public
> cert for that authority is not provided by default in the mozilla cert store.
> So when we sign emails with our certs they are not fully recognized on the
> recipient side unless they have our public root certificate in their store.
That's correct, and we certainly could put that CA somewhere easy for folks to download.
> Could we get certificate signed by a Root ca that is present in Mozilla's
> default cert store ?
Yes, but we'd have to go to one of the big CAs (Thawte, Verisign, etc) and pay to get each individual's certs signed...
Reporter | ||
Comment 2•14 years ago
|
||
(In reply to comment #1)
> (In reply to comment #0)
> > The currents certs that we have are self-signed by a Momo authority. The public
> > cert for that authority is not provided by default in the mozilla cert store.
> > So when we sign emails with our certs they are not fully recognized on the
> > recipient side unless they have our public root certificate in their store.
>
> That's correct, and we certainly could put that CA somewhere easy for folks to
> download.
I was unable to find out if there were best practice to do that, with know urls for both the root certs and CRLs.
Bob do you know if there are such documents ( a quick google search revealed nothing)
> > Could we get certificate signed by a Root ca that is present in Mozilla's
> > default cert store ?
>
> Yes, but we'd have to go to one of the big CAs (Thawte, Verisign, etc) and pay
> to get each individual's certs signed...
Any idea how much that would cost per person/per year ?
Comment 3•14 years ago
|
||
Why not use free class one s/mime certificates from comodo or startcom as a interim solution while waiting for CACERT to become auditable (they seem to be making progress)? My impression is that you normally only have to pay for higher security certificates (that verify who you are, rather than just what email address was used), or for certificates for sites. That has the added advantage of you eating the same dogfood as most users.
http://blog.cacert.org/
https://bugzilla.mozilla.org/show_bug.cgi?id=215243 (see 158)
Reporter | ||
Comment 4•14 years ago
|
||
(In reply to comment #1)
> (In reply to comment #0)
> > The currents certs that we have are self-signed by a Momo authority. The public
> > cert for that authority is not provided by default in the mozilla cert store.
> > So when we sign emails with our certs they are not fully recognized on the
> > recipient side unless they have our public root certificate in their store.
>
> That's correct, and we certainly could put that CA somewhere easy for folks to
> download.
Could we move on with that option ? as I would then just link to the certs in my emails ...
Comment 5•14 years ago
|
||
Should be on http://trunk.mozillamessaging.com/cacert.pem soon.
Will make itself public on www.mozillamessaging.com during the next merge window.
Comment 6•14 years ago
|
||
Url will be : /cacert.crt as it seems to be a more common file extension.
Comment 7•14 years ago
|
||
http://www.mozillamessaging.com/cacert.crt is now live
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•