[Users] SMIME - Validity Discrepancies.

[ENI]

>> 
>> Receiver sees the Signature OK icon, and the statement "Good
>> signature from <sender name>".
>> 
>> If the receiver clicks on the Signature OK icon, the message pane
>> conveys:
>> 
>> Good signature from 
>> uid "CN=<redacted>" (Validity: Unknown)
>> uid "<redacted>" (Validity: Unknown)
>> 
>> Q2 - Why the discrepancy (Signature OK vs. Validity:Unknown)?
>>
> 
> There's no discrepancy, these are different concepts:
> https://www.gnupg.org/gph/en/manual/x334.html
> 
> HTH,
> -- 
> Ricardo Mones 
> 

Ricardo:

Thank you for your interest in our post, and the effort involved in
providing a link to supporting documentation. We have reviewed the
information referenced, and believe we can now distinguish the two
concepts. We've also downloaded additional docs for future review.


To All:

We've reduced the scope of our post to that which follows (Validity
conveyed in upper vs. lower panes, where "discrepancy" may be a valid
characterization), and open it up to anyone wishing to comment.

>> 
>> Using X.509 certificates that we have issued from our own PKI.  Have
>> not implemented a CRL for this trial. 
>> 
>> At both sending and receiving ends:
>> 
>> - CRL checking is disabled in GPA Backend Preferences.
>> - Root CA and Intermediate CA certs have been imported, and cert
>> chains are fine.
>> - Sending and receiving of signed and encrypted messages works.
>> 
>> Gnu Privacy Assistant | Key Manager | "Upper Pane" | Validity column
>> indicates:
>> 
>> "Fully Valid" for the Root CA.
>> "Unknown" for the Intermediate CA that signed the user certs.
>> "Unknown" for the user keys.
>> 
>> Gnu Privacy Assistant | Key Manager | "Lower Pane" | Key Validity
>> indicates:
>> 
>> "Fully Valid" for the Root CA.
>> "Fully Valid" for the Intermediate CA.
>> "Fully Valid" for the user keys
>> 
>> Q1 - Why the discrepancy (Unknown vs. Fully Valid, upper pane vs.
>> lower pane)?
>> 

Best Regards,
ENI