Shostack + Friends Blog Archive


Apple Security UI

I just got a fascinating email. No, not really. It was a simple little email, from someone who’s being very helpful on a project that I’ll speak of in excruciating detail later. What was fascinating about it was that it was PKCS 7 signed, and Apple’s told me so. It told me so with a little “signed” line in the header. Pretty cool. But I was wondering what it meant?

Signed by whom? How? With what key? Why am I “trusting” it? And I’m unable to find the answers. Anyone know?

I’m also experimenting a bit with MarsEdit, which I like a lot, except I’m having trouble with trackbacks. We’ll see how it inserts the image.

2 comments on "Apple Security UI"

  • Brian says:

    Signed by someone in your address book as “Adam Shostack,” using an S/MIME key marked in your keychain as being OK for signing messages, with a chain of signatures stretching back to a root CA in X509Anchors or (I think) the system keychain.

  • adam says:

    I don’t think I’d seen a Thawte cert in the keychain before. Did it download the cert when it got the email? I have mixed feelings about a CA cert being automatically downloaded and trusted. On the one hand, it’s probably right for 99+% of the world. On the other, I wanna fiddle, and I certainly don’t want a new cert added that can sign software for install.
    PS: It actually validates the “From” address, not the to.
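
The questions in the post (signed by whom, with what key, trusted why) and the From-address check from the comments can be answered outside Mail with the OpenSSL command line. This is an added example, not part of the original post or its comments; the sender identity, addresses and file names are constructed, and it assumes an `openssl` binary with its default configuration file is installed.

```shell
#!/bin/sh
# Added example. Every name, address and key here is constructed for the demo.

# make_demo DIR: create a throwaway self-signed S/MIME identity in DIR and a
# PKCS#7-signed message from it (cert.pem doubles as the trust anchor).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Sender/emailAddress=sender@example.test" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    printf 'meet at noon\n' > "$d/body.txt"
    openssl smime -sign -text -in "$d/body.txt" -signer "$d/cert.pem" \
        -inkey "$d/key.pem" -from sender@example.test \
        -to reader@example.test -subject demo -out "$d/signed.eml" 2>/dev/null
}

# extract_signer MSG ANCHORS OUT: check the signature and the chain up to a
# certificate in ANCHORS; on success write the signer certificate to OUT.
# In the demo message the From:/To:/Subject: headers sit outside the signed part.
extract_signer() {
    openssl smime -verify -in "$1" -CAfile "$2" -signer "$3" \
        -out /dev/null 2>/dev/null
}

# signer_report CERT: who signed, who vouches for them, and with what key.
signer_report() {
    openssl x509 -in "$1" -noout -subject -issuer -fingerprint -sha256
}

# from_matches_signer MSG CERT: succeed only if the first From: header address
# is one of the e-mail addresses carried by the signer certificate.
from_matches_signer() {
    from=$(sed -n '/^From:/{s/^From: *//;s/.*<\(.*\)>.*/\1/;p;q;}' "$1" \
        | tr -d '\r' | tr 'A-Z' 'a-z')
    [ -n "$from" ] || return 1
    openssl x509 -in "$2" -noout -email | tr 'A-Z' 'a-z' | grep -qxF "$from"
}

# Usage: sh this-file message.eml anchors.pem
if [ "$#" -eq 2 ]; then
    t=$(mktemp) && extract_signer "$1" "$2" "$t" && signer_report "$t" \
        && from_matches_signer "$1" "$t" && echo "From: matches signer"
    rm -f "$t"
fi
```

Whether the message counts as "signed" depends entirely on which anchor file is supplied, which is the command-line counterpart of the keychain trust question raised in the comments.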
