I'm working with a start up company that will be working with sensitive intellectual property.
Setting up point-to-point encrypted e-mail seems like a good idea
I started with GPGMail. It is slightly tricky for non-technical people to set up and I could not find a satisfactory method of using it on iPads and iPhones.
While learning about GPGMail I discovered S/MIME.
This seems like a better method of encryption because it is already implemented across all the e-mail clients we'll be using. (OSX and iOS)
Since this is a much better option for my non techies, I have put GPGMail on hold while I investigate S/MIME
I have discovered two certificate authorities that give out free E-mail certificates. Comodo and StartSSL.
For ease-of-use of my non techies, using a certificate authority that is already trusted by OS X Mavericks is highly desirable.
I was unable to complete the certificate install process used by Comodo using either Safari or Firefox.
This is a shame because I am positive they are on the default list of trusted certificate authorities of OSX.
(yes, there's a lot more information I could give about what goes wrong and they're free technical service, but not here)
I was successful in implementing the certificates from StartSSL. Unfortunately any e-mail signed by their certificate shows up as Untrusted. I think this is because they are not in the default list of trusted certificate authorities of OSX but I'm not sure if this is the reason. I know that I can force a certificate to be trusted but would rather use a certificate authority already in the default trusted list.
I have not been able to find a simple, easy to read, list of the certificate authorities that OS X Mavericks trust by default.
My 1st question is: Does anybody know if such a list exists and where would be found?
My 2nd question is: does anyone know if StartSSL is trusted by default by Mavericks.
I see two possible paths of investigation.
1: StartSSL is trusted and there's another reason that my signed e-mails are showing up as Untrusted that I have to discover.
2: StartSSL is not trusted and I have to find a different certificate authority to use.
My 3rd question is: does anyone know which path is to correct one ? (sort of the same questions #2)
Any input would be greatly appreciated.
Setting up point-to-point encrypted e-mail seems like a good idea
I started with GPGMail. It is slightly tricky for non-technical people to set up and I could not find a satisfactory method of using it on iPads and iPhones.
While learning about GPGMail I discovered S/MIME.
This seems like a better method of encryption because it is already implemented across all the e-mail clients we'll be using. (OSX and iOS)
Since this is a much better option for my non techies, I have put GPGMail on hold while I investigate S/MIME
I have discovered two certificate authorities that give out free E-mail certificates. Comodo and StartSSL.
For ease-of-use of my non techies, using a certificate authority that is already trusted by OS X Mavericks is highly desirable.
I was unable to complete the certificate install process used by Comodo using either Safari or Firefox.
This is a shame because I am positive they are on the default list of trusted certificate authorities of OSX.
(yes, there's a lot more information I could give about what goes wrong and they're free technical service, but not here)
I was successful in implementing the certificates from StartSSL. Unfortunately any e-mail signed by their certificate shows up as Untrusted. I think this is because they are not in the default list of trusted certificate authorities of OSX but I'm not sure if this is the reason. I know that I can force a certificate to be trusted but would rather use a certificate authority already in the default trusted list.
I have not been able to find a simple, easy to read, list of the certificate authorities that OS X Mavericks trust by default.
My 1st question is: Does anybody know if such a list exists and where would be found?
My 2nd question is: does anyone know if StartSSL is trusted by default by Mavericks.
I see two possible paths of investigation.
1: StartSSL is trusted and there's another reason that my signed e-mails are showing up as Untrusted that I have to discover.
2: StartSSL is not trusted and I have to find a different certificate authority to use.
My 3rd question is: does anyone know which path is to correct one ? (sort of the same questions #2)
Any input would be greatly appreciated.