Hello, I've noticed that in mozilla-thunderbird-2.0.0.17 and most probably in earlier versions, the client doesn't handle public keys properly. The user can see that when he tries encrypting an SMIME e-mail. Here's what happens in details: 1. Someone sends a digitally signed message 2. Receiver gets the public key, tb stores it in the address book. 3. Sender's certificate expires. 4. Sender sends a signed e-mail with a new, valid again key 5. PROBLEM: Thunderbird would not remove the old keys for that user. It will keep them and display an error about not having the proper key at all. The key however is there, together with the expired ones. MANUAL SOLUTION: Remove the expired keys manually via options menu. I'm sorry if this should go upstream already, I'm unable to verify if it is gentoo-specific, but I verified it is Linux-specific problem. Reproducible: Always
This has been an issue even when I was gentoo maintainer of mozilla products. There were bugs open upstream about it, at one point it was decided by upstream to leave it alone and let the user maintain their public keys instead of thunderbird.
I still don't understand why this is not an issue on Windows for example - would Mozilla want to "punish" Linux users with extra work, that in this case should really be automatic? I don't believe it...
Well, this is for upstream...