Re: Re: Microsoft Security, baby steps ?[Scanned]

[petard <petard () freeshell org>]

Hi Paul,

Not that I'd ever discourage s/mime from anyone, but *please* clear-sign
messages to public mailing lists. Opaque-signed mails are very difficult
for some folks to read.

Actually, I usually encourage folks to clear-sign all the time. Is there
any reason you're not?

For the rest of the world, if your mail client does not properly verify
opaque-signed messages and you can't read that one, just save the
message off to a file (say message.eml) and do the following:

1. Go download verisign's "Class 2 Primary CA" certificate, serial number
00 b9 2f 60 cc 88 9f a1 7a 46 09 b8 5b 70 6c 8a af; save it as a PEM
file (say ca.cer).

2. Using openssl's shell tool, issue the command 
openssl smime -verify -CAFile ca.cer -in message.eml

This will print the contents and verify the signature.

Alternatively, if you don't want to verify the validity of Paul's cert
according to Verisign, skip step 1 and change the command from step 2
to:
openssl smime -verify -noverify -in message.eml

That will verify the crypto without checking the validity of the
certificate.

regards,

petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html