Electronic mail (“e-mail”) messages may be encoded using one of a number of known protocols. Some of these protocols, such as Secure/Multipurpose Internet Mail Extensions (“S/MIME”), rely on public and private encryption keys to provide confidentiality and integrity, and on a Public Key Infrastructure (PKI) to communicate information that provides authentication and authorization. Data encoded using a private key of a private key/public key pair can only be decoded using the corresponding public key of the pair. Similarly, data encoded using the public key of a private key/public key pair can only be decoded using the corresponding private key of the pair. The authenticity of public keys used in the encoding of messages may be validated using certificates. For example, if a user of a computing device (e.g. a mobile device) wishes to encrypt a message before the message is sent to a particular individual, the user will require a certificate for that individual. That certificate will typically comprise the public key of the individual, as well as other identification-related information. If the requisite certificate for the intended recipient is not already stored on the user's computing device, the certificate must first be retrieved. Searching for and retrieving a certificate for a specific recipient is a process that generally involves querying a certificate server, by having the user manually enter the name and/or e-mail address of the intended recipient in a search form displayed on the computing device, such as that provided in a certificate browser.
In an example implementation of a first type, all of the certificates located in the search are then temporarily downloaded to the computing device for processing so that a list of the located certificates may be displayed to the user in the certificate browser. A user may select certificates identified in the list, and the selected certificates may be more permanently stored in a non-volatile store on the computing device for potential future use. In an example implementation of a second type, instead of temporarily downloading all of the certificates located in the search to the computing device in the first instance, only certain data needed to generate the list of certificates located in the search may be initially downloaded to the computing device. The list is displayed to a user, and typically identifies each located certificate using the common name and e-mail address of the individual to whom the respective certificate has been issued. Only after the user selects one or more specific certificates from the list are any certificates (i.e. the user-selected ones) downloaded to the computing device for storage. In particular, if the computing device is a mobile device, deferring the downloading of certificates to the mobile device and only downloading the user-selected certificates can significantly reduce wasted resources.
Unfortunately, in known systems, it is not generally possible to determine at the computing device the status of a certificate located in a search without first downloading the certificate to the computing device for processing, unless the certificate happens to be already stored on the computing device. Without first knowing the status of any given certificate identified in a list of search results, a user may unknowingly select a revoked or expired certificate from the list to be downloaded to the computing device. To prevent this occurrence, each certificate located in the search and not stored on the computing device might be, at least temporarily, downloaded to the computing device in its entirety. This would facilitate a determination of each certificate's status at the computing device so that the user can be informed prior to selecting certificates to be stored for future use. However, any benefits that would otherwise be attained by deferring the downloading of certificates (e.g. in implementations of the second type) would be lost. Moreover, downloading all of the certificates located in a search in order to determine their status in advance of user selection may be particularly wasteful (e.g. in terms of time and bandwidth) if some of the certificates have been needlessly downloaded to the computing device because they have been revoked or have expired.
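The trade-off between the two implementation types, and the status problem described above, can be seen in a small model. This is an added example, not code from the original document; the directory contents, byte sizes, fixed clock and the `revoked` flag (standing in for a real revocation lookup) are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Entry:
    common_name: str
    email: str
    not_after: datetime   # end of validity period
    revoked: bool         # stand-in for a CRL/OCSP answer (assumption)
    size: int             # bytes of the full encoded certificate (constructed)

def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

NOW = utc(2024)  # fixed clock so the result is reproducible
# Constructed directory: three certificates issued to the same person.
DIRECTORY = [
    Entry("Alice Example", "alice@example.com", utc(2025), False, 1200),
    Entry("Alice Example", "alice@example.com", utc(2022), False, 1100),
    Entry("Alice Example", "alice@example.com", utc(2026), True, 1300),
]

def status(e, now=NOW):
    if e.revoked:
        return "revoked"
    return "expired" if e.not_after <= now else "valid"

def search_first_type(email):
    """Every match is downloaded in full, so status is known before selection."""
    hits = [e for e in DIRECTORY if e.email == email]
    listing = [(e.common_name, e.email, status(e)) for e in hits]
    return listing, sum(e.size for e in hits)

def search_second_type(email, selected):
    """Only list data is sent first; full certificates follow for selected rows."""
    hits = [e for e in DIRECTORY if e.email == email]
    listing = [(e.common_name, e.email, None) for e in hits]  # status unknown
    sent = sum(len(e.common_name) + len(e.email) for e in hits)
    chosen = [hits[i] for i in selected]
    sent += sum(e.size for e in chosen)
    # Status becomes visible only after the download has been paid for.
    return listing, sent, [status(e) for e in chosen]

if __name__ == "__main__":
    print(search_first_type("alice@example.com"))
    print(search_second_type("alice@example.com", [2]))
```

In the second-type search the three rows are indistinguishable on the device, so selecting the third row transfers far less data overall but delivers a certificate that turns out to be revoked.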