Due to changes in the renewal of DOEGrids certificates, it is not recommended
to use DOEGrids certificates for email signing or encryption. A change
was made to no longer renew a user's DOEGrids certificate, but rather to
issue a new certificate. This action regenerates the user's public/private
key pair. Once your DOEGrids certificate expires (and hence cannot be
renewed), many applications will detect that the certificate is expired
and will no longer decrypt email, and may fail to validate a signed
message. In addition, given the short lifetime of an issued KCA
certificate, KCA certificates are not to be used for such purposes.

As of January 2009, we do NOT yet have a better recommendation than to
use your DOEGrids certificate to digitally sign E-mail. This will
cause problems with older stored E-mail, since it is signed by expired
certificates, but the extent of these problems will vary with your
E-mail client, from warnings that can be ignored to not being able to
read the contents of old E-mails signed by expired certificates. We
hope to have a better solution later this year. For now you can
continue to sign your E-mail with DOEGrids personal certificates, but do not
use them to encrypt E-mails that are expected to be saved for future
reuse, since once the certificate expiration date passes the encrypted
contents become so many useless bits.

For reference, here are the original instructions (pursuant to the above recommendation).