[Kde-pim] S/MIME validation in kmail
Ingo Klöcker
kloecker at kde.org
Sun Dec 7 10:37:46 GMT 2008
On Sunday 07 December 2008, Nick Shaforostoff wrote:
> Hi.
>
> Please tell me what's the relationship of underlined items:
> http://youonlylivetwice.info/kmail-crl.png
Those two items (and all other items of the S/MIME Validation
configuration) correspond directly to configuration options of gpgsm
(which is used by KMail for handling all things related to S/MIME):
The two choices "Validate certificates using CRLs" and "Validate
certificates online (OCSP)" correspond to gpgsm's
option --enable-ocsp/--disable-ocsp. Quoting from [1]:
Be default OCSP checks are disabled. The enable option may be used to
enable OCSP checks via Dirmngr. If CRL checks are also enabled, CRLs
will be used as a fallback if for some reason an OCSP request won't
succeed. Note, that you have to allow OCSP requests in Dirmngr's
configuration too (option --allow-ocsp and configure dirmngr properly.
If you don't do so you will get the error code `Not supported'.
The option "Never consult a CRL" corresponds to gpgsm's
option --enable-crl-checks/--disable-crl-checks. Quoting from [1]:
By default the CRL checks are enabled and the DirMngr is used to check
for revoked certificates. The disable option is most useful with an
off-line network connection to suppress this check.
For more information check the documentation of gpgsm resp. of the
Ägypten2 project: http://gnupg.org/aegypten2/index.html
Regards,
Ingo
[1]
http://www.gnupg.org/documentation/manuals/gnupg/Certificate-Options.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20081207/4fb3b2b8/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list