[CentOS] [OT] Where to buy S/MIME ??

Tue Nov 27 23:47:00 UTC 2018
Alice Wonder <alice at domblogger.net>

On 11/27/2018 03:33 PM, Gordon Messmer wrote:
> On 11/25/18 5:35 AM, Alice Wonder wrote:
>> The "free for personal" S/MIME from Comodo didn't work. Browser said 
>> it did but there was nothing to export for me to then import. I 
>> suspect it is because I used private browser window,
> Probably, yes.  I've used that service in the past without issue.
>> I really don't like the idea of a private key stored in browser 
>> anyway. And it never asked for a password to encrypt the private key
> Setting a password will protect all of the certificates stored by 
> Firefox.  Select: Preferences -> Privacy and Security -> Security 
> Devices (under Certificates) -> Software Security Device -> Change password
> Chrome may have a similar option, but I don't see it and I don't see 
> documentation for it.\
>> nor let me specify key strength (only let me choose between medium and 
>> high - I assume high is 4096 but I don't know, it didn't say)
> There's very little harm in getting a certificate and examining it to 
> find out.  You can destroy it later with no ill effect.

I actually went for a more complex scenario, I've created my own CA 
complete with CRL.

It's nice because with S/MIME you really want two certs - one for 
signing (where ecdsa can be used) and one for when you need to receive 
encrypted. And I have multiple e-mail accounts I want to do thus with.

Could have done self-signed too but this at least allows me to revoke if 
a device like laptop or phone w/ private key is stolen.

Does mean those who want to confirm my messages have to import my root 
key but that's for them to decide.

Web browsers are applications that exist for the explicit purpose of 
downloading and executing untrusted code. It does not seem like that is 
a very wise environment to use for generating long term cryptography 
keys. It really doesn't.