[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?[Scanned]
- To: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Re: Microsoft Security, baby steps ?[Scanned]
- From: petard <petard@xxxxxxxxxxxxx>
- Date: Thu, 18 Mar 2004 19:36:06 +0000
Hi Paul,
Not that I'd ever discourage s/mime from anyone, but *please* clear-sign
messages to public mailing lists. Opaque-signed mails are very difficult
for some folks to read.
Actually, I usually encourage folks to clear-sign all the time. Is there
any reason you're not?
For the rest of the world, if your mail client does not properly verify
opaque-signed messages and you can't read that one, just save the
message off to a file (say message.eml) and do the following:
1. Go download verisign's "Class 2 Primary CA" certificate, serial number
00 b9 2f 60 cc 88 9f a1 7a 46 09 b8 5b 70 6c 8a af; save it as a PEM
file (say ca.cer).
2. Using openssl's shell tool, issue the command
openssl smime -verify -CAFile ca.cer -in message.eml
This will print the contents and verify the signature.
Alternatively, if you don't want to verify the validity of Paul's cert
according to Verisign, skip step 1 and change the command from step 2
to:
openssl smime -verify -noverify -in message.eml
That will verify the crypto without checking the validity of the
certificate.
regards,
petard
--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html