Women in Technology

Hear us Roar

  How to Set Up Encrypted Mail on Mac OS X
Subject:   Allow Mail to use certificate
Date:   2004-01-28 23:07:20
From:   maximus
In Keychain you may still have the settings so to ask for password in order to use the certificate AND not having to confirm the use of the certificate for Mail.

Having to confirm Mail to use the certificate each time (without password) is just a nuisance that does not add to security. The way to avoid that is to Add Mail to the Access Control of the certificate so that Mail can use it if you have unlocked and provided the password.

All other applications will have instead to have the password reissued if want to use the certificate.

Again, unless you have set the keychain so to have to issue the password for every signed email there is no added security in confirming Mail to send signed mail. It would be meaningful if denying access would send a regular email but it is not the case: it sends what your recipient would take as a *tampered* email.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • FJ de Kermadec photo Allow Mail to use certificate
    2004-01-29 00:39:33  FJ de Kermadec | O'Reilly Blogger [View]

    Hi !

    Having Mail ask for a password every time that you send a signed mail will prevent people who could gain local access to an open session from sending a signed mail a coworker, for example.

    Having Mail ask for a confirmation (without password) every time that you send a signed mail will at least prevent automated scripts (AppleScripts for example) from sending a signed mail without your consent.

    That's why I suggested these settings in the article.

    • Allow Mail to use certificate
      2004-01-31 04:59:38  maximus [View]

      The first point is how I have set it.

      Honestly, I did not think about the automated script of your second point. Right on. It is less than a nuisance now as it indeed adds to security - which I missed before.