Closed Bug 176313 Opened 22 years ago Closed 22 years ago

PKI Signature Interoperability Problems

Categories

(MailNews Core :: Security: S/MIME, defect)

1.0 Branch
x86
Windows 2000
defect
Not set
normal

Tracking

(Not tracked)

VERIFIED WONTFIX

People

(Reporter: Dennis.Jennings, Assigned: KaiE)

Details

Hi ! I have been successfully using Mozilla with a PKI key set from Verisign and have successfully sent signed e-mail with other Mozilla users and Microsoft users. However, exchanging e-mail with Vint Cerf (who is a frend of mine) we have interoperability problems. He is using Eudora with and Entrust PKI key pair - but he cannot read my signed messages - while his signed messages are deemed invalid by my Mozilla. (1.0.1) Any assistance woudl be helpful. Dennis
.. and for your information Netscape 6 PKI security does not work at all - or at least I was unable to find out how to make it work - so I switched to Mozilla and I am very pleased with it. Thanks Dennis
S/MIME
Assignee: mstoltz → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → carosendahl
Version: other → 2.4
Kai
Assignee: ssaux → kaie
Ummm, I cannot see any support in Eudora 5.1 for s/mime. Any ideas how to configure this? Their web site and help makes no mention of such things...
Dennis, your report really surprises me. You say, Vint is not able to read your signed messages at all? There are two ways how a signed only (not encrypted) S/Mime message can be formatted (technically). Option 1: This is what Mozilla uses when creating messages: A multipart message, where the signature is an additional part. The message text itself is sent in the clear. Even if an email program is not able to understand S/Mime, it should still be able to display signed-only messages, at least the cleartext part. Do you say Eudora is displaying nothing at all? Or does it show an error message? Please provide more information, possibly a screenshot. Option 2: The standards also allow to create a single crypto signature object, that contains the actual message text in an encoded form. I think, such messages are not readable with email clients that do not support S/Mime. But Mozilla does not use that mechanism when creating signed messages. (Although Mozilla can display such incoming messages) Netscape 6 did not yet support S/Mime. Netscape 7.0 supports it. In an email message it was said, Eudora does not provide the S/Mime capabilities on its own, but a plugin was used. Could you give us a pointer to that plugin? Is it downloadable so we could use it for testing? In addition you say, Mozilla reports Vint's message as invalid. This is probably because Vint uses a certificate from a certificate authority, that is not contained in Mozilla's list of trusted ones. While viewing the message, if you click the signature icon, or choose View / Message Security Info from the menu, you should see a dialog with detailed information. If you suspect Mozilla might have a bug that causes it to incorrectly report the signature as invalid, please help me to analyze it, and ask Vint to send me a signed message using the Eudora configuration.
Unless we hear otherwise, I will be closing this bug out as won't fix in a couple of days. The invalidity is most likely due to, as Kai points out, the untrusted nature of the CA that signs Vint's certificate. The other issues are related to the Entrust plugin for Eudora. My only question here is that if you send a message to Vint using Outlook or Outlook Express, is his client capable of validating the signature?
What error message does Vint see when he tries to read the signed message?
Setting to wontfix.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
verified
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.4 → 1.0 Branch
Product: Core → MailNews Core
QA Contact: carosendahl → s.mime
You need to log in before you can comment on or make changes to this bug.