Closed
Bug 176313
Opened 22 years ago
Closed 22 years ago
PKI Signature Interoperability Problems
Categories
(MailNews Core :: Security: S/MIME, defect)
Tracking
(Not tracked)
VERIFIED
WONTFIX
People
(Reporter: Dennis.Jennings, Assigned: KaiE)
Details
Hi !
I have been successfully using Mozilla with a PKI key set from Verisign and have
successfully sent signed e-mail with other Mozilla users and Microsoft users.
However, exchanging e-mail with Vint Cerf (who is a frend of mine) we have
interoperability problems.
He is using Eudora with and Entrust PKI key pair - but he cannot read my signed
messages - while his signed messages are deemed invalid by my Mozilla. (1.0.1)
Any assistance woudl be helpful.
Dennis
Reporter | ||
Comment 1•22 years ago
|
||
.. and for your information Netscape 6 PKI security does not work at all - or at
least I was unable to find out how to make it work - so I switched to Mozilla
and I am very pleased with it.
Thanks
Dennis
Comment 2•22 years ago
|
||
S/MIME
Assignee: mstoltz → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → carosendahl
Version: other → 2.4
Comment 4•22 years ago
|
||
Ummm, I cannot see any support in Eudora 5.1 for s/mime. Any ideas how to
configure this? Their web site and help makes no mention of such things...
Assignee | ||
Comment 5•22 years ago
|
||
Dennis, your report really surprises me. You say, Vint is not able to read your
signed messages at all?
There are two ways how a signed only (not encrypted) S/Mime message can be
formatted (technically).
Option 1: This is what Mozilla uses when creating messages: A multipart message,
where the signature is an additional part. The message text itself is sent in
the clear. Even if an email program is not able to understand S/Mime, it should
still be able to display signed-only messages, at least the cleartext part. Do
you say Eudora is displaying nothing at all? Or does it show an error message?
Please provide more information, possibly a screenshot.
Option 2: The standards also allow to create a single crypto signature object,
that contains the actual message text in an encoded form. I think, such messages
are not readable with email clients that do not support S/Mime. But Mozilla does
not use that mechanism when creating signed messages. (Although Mozilla can
display such incoming messages)
Netscape 6 did not yet support S/Mime. Netscape 7.0 supports it.
In an email message it was said, Eudora does not provide the S/Mime capabilities
on its own, but a plugin was used. Could you give us a pointer to that plugin?
Is it downloadable so we could use it for testing?
In addition you say, Mozilla reports Vint's message as invalid. This is probably
because Vint uses a certificate from a certificate authority, that is not
contained in Mozilla's list of trusted ones. While viewing the message, if you
click the signature icon, or choose View / Message Security Info from the menu,
you should see a dialog with detailed information.
If you suspect Mozilla might have a bug that causes it to incorrectly report the
signature as invalid, please help me to analyze it, and ask Vint to send me a
signed message using the Eudora configuration.
Comment 6•22 years ago
|
||
Unless we hear otherwise, I will be closing this bug out as won't fix in a
couple of days.
The invalidity is most likely due to, as Kai points out, the untrusted nature of
the CA that signs Vint's certificate.
The other issues are related to the Entrust plugin for Eudora. My only question
here is that if you send a message to Vint using Outlook or Outlook Express, is
his client capable of validating the signature?
Comment 7•22 years ago
|
||
What error message does Vint see when he tries to read the signed message?
Comment 8•22 years ago
|
||
Setting to wontfix.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•