https://bugs.openldap.org/show_bug.cgi?id=9540
--- Comment #7 from Metin openldap.ms@savignano.net --- Hi Michael,
Sorry for the delayed reply.
(In reply to Michael Ströder from comment #6)
And are you and the developers of this LDAP client aware that originally this attribute was meant to carry a signed S/MIME message with empty body to also carry the S/MIME capabilities of a client?
Yes, we are aware of that, and that's how we've implemented our software.
So you're signing with the user's private key? How? Do you have key escrow?
No, we're not creating this attribute, but we're just using it in the intended way to send encrypted email, and we also consider the client capabilities if they are set. However, that's not the case with most email clients.
I guess, capabilities don't make much sense nowadays when many of us use multiple mail clients for the same mailbox.
The attribute can be created by the users themselves very easily by sending a signed message.
Yes, exactly. And that's why this ticket is a bit about trying to ride a dead horse. Sorry.
Accepted.
Thanks for taking time to explain.
Cheers Metin