Thunderbird doesn't display S/MIME message contents
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: mozilla-bugzilla, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
I received an encrypted S/MIME message with the following formatting:
...
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256;
boundary="000000000000e3e7820598bd1452"
...
--000000000000e3e7820598bd1452
Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message
...
--000000000000e3e7820598bd1452
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
...
--000000000000e3e7820598bd1452--
Actual results:
Thunderbird displays this as a message with an attachment. The S/MIME info box shows the note "this message is not encrypted"
Expected results:
Thunderbird should've interpreted and the S/MIME encrypted message part
|
||
Comment 1•6 years ago
|
||
An unusual format, I think. We only support S/MIME encryption where the top level is encrypted now. (Since efail.)
|
||
Comment 2•6 years ago
|
||
As Magnus said, the behavior (not decrypting) is intended.
However, we need better UI in this scenario. That's already filed as bug 1576655.
|
Reporter | |
Comment 3•5 years ago
|
||
By "unusual format", do you mean a standard encrypted-then-signed message according to RFC 8551 S/MIME 4.0? A standard which was developed with input from and finalized after EFAIL? https://tools.ietf.org/html/rfc8551
Description
•