smveloso
Hi,
After receiving a signed email message, I checked the certificate
chain and found it strange that Outlook did not complain that the full
chain of CA's certificates was not installed in my system... The
message was signed with a certificate issued by an intermediate
authority that I did not explicitly choose to trust.
After some tests, I concluded that it is enough that the *root*
certificate is trusted.
For example: If Joe has a certificate issued by ACME and ACME is
trusted by RootCA, then Joe's signature is *automatically* verified by
Outlook if I have RootCA's certificate installed but not ACME's.
IMHO, even if the intermediate certificate has the necessary "basic
constraints" set (and assuming that they are checked), Outlook should
alert the user that he did not explicitly trust that particular
intermediate... is there a way to configure Outlook to show this
behaviour?
Thank you all very much.
Sergio
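
An added example, not part of the original post: X.509 path validation anchors trust at the root and validates intermediates rather than trusting them individually, so the PowerShell sketch below reports which CAs in a signer's chain are actually installed locally. The file name `joe.cer` and the helper `Test-CertInStore` are assumptions made for illustration; the signer's certificate is assumed to have been exported from the signed message.

```powershell
# Added example. Assumption: the signer's certificate was exported from the
# signed message to the path below (hypothetical file name).
$SignerCertPath = '.\joe.cer'
$X509 = 'System.Security.Cryptography.X509Certificates'

$signer = New-Object "$X509.X509Certificate2" -ArgumentList (Resolve-Path $SignerCertPath).Path

$chain = New-Object "$X509.X509Chain"
# Revocation checking is switched off so the report also works offline.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($signer)

# True if the thumbprint is present in the named store for the user or the machine.
function Test-CertInStore([string] $StoreName, [string] $Thumbprint) {
    (Test-Path "Cert:\CurrentUser\$StoreName\$Thumbprint") -or
    (Test-Path "Cert:\LocalMachine\$StoreName\$Thumbprint")
}

# Element 0 is the signer; the remaining elements are its issuers, up to the root.
$elements = @($chain.ChainElements)
$report = for ($i = 0; $i -lt $elements.Count; $i++) {
    $cert = $elements[$i].Certificate
    # Subject equal to Issuer is used as a simple self-signed (root) heuristic.
    $role = if ($i -eq 0) { 'signer' } elseif ($cert.Subject -eq $cert.Issuer) { 'root' } else { 'intermediate' }
    [pscustomobject]@{
        Role        = $role
        Subject     = $cert.Subject
        InRootStore = Test-CertInStore 'Root' $cert.Thumbprint
        InCAStore   = Test-CertInStore 'CA' $cert.Thumbprint
        Status      = ($elements[$i].ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    }
}

"Chain valid: $chainOk"
$report | Format-Table -AutoSize

# Intermediates that validated through the root without being installed locally.
$report | Where-Object { $_.Role -eq 'intermediate' -and -not $_.InCAStore } |
    ForEach-Object { "Not in the local CA store: $($_.Subject)" }
```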