Open Bug 1783288 Opened 3 years ago Updated 2 years ago

Invalid S/MIME Digital Signatures with certain footer-signatures (involving &nbsp;)

Categories

(MailNews Core :: Security: S/MIME, defect, P2)

Thunderbird 102

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: gordon.doig, Unassigned)

Details

(Whiteboard: tb-crypto-needs-analysis tb-crypto-broken-feature)

Steps to reproduce:

Sending messages from Thunderbird with proper/valid S/MIME certificates for signature validation AND simple signature text using HTML that contains <a href="https//:sitename">.

Actual results:

When sending messages composed in HTML format, digital sig is 'valid' in sent folder but Not Valid when read in any other mail client (ex. Sending from Zoho account to a gmail).
When sending messages composed in txt-only format, digital sig is 'valid' in sent folder AND is Valid when read in any other email client (ex. Sending from Zoho account to a gmail).

Expected results:

I read all bugzilla threads AND reddit/shit on this issue (See early ver 91 TB issues). Upgraded to 102.1.0 and tried editing my Signature text.
FINALLY found solution: I had an AmpersandNBSP (&NBSP) at the end of my sig text for spacing (I know, a bit of a css style cheat!!).... and without the AmpersandNBSP the issue was FIXED.
Summary: TB 102.1.0 does something to parse the HTML sig incorrectly after sending so the checksum for reader does not add up (my guess based on Sent folder version showing Valid digital sig.)

Steps to reproduce should read:

Sending messages from Thunderbird with proper/valid S/MIME certificates for signature validation AND simple signature text using HTML that contains <a href="https//:sitename"> and simple Signature text ends with &nbsp .
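
One way to test the guess above, as an added example that is not part of the bug report or of Thunderbird's code: extract the bytes that an S/MIME `multipart/signed` signature covers (the first body part, with CRLF line endings) from the Sent-folder copy and from the delivered copy, then report where they first diverge. The sample messages, the `example.invalid` URL, the helper names and the altered byte sequence are constructed assumptions.

```python
import hashlib
import re

def signed_part(raw: bytes) -> bytes:
    """Bytes of the first body part of a multipart/signed message (what the signature covers)."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)                # canonical CRLF line endings
    head = raw.partition(b"\r\n\r\n")[0]                 # top-level headers only
    head = re.sub(rb"\r\n[ \t]+", b" ", head)            # unfold continuation lines
    m = re.search(rb'(?im)^content-type:\s*multipart/signed\b.*?boundary="?([^";\r\n]+)', head)
    if not m:
        raise ValueError("not a multipart/signed message")
    delim = b"\r\n--" + m.group(1).strip()
    start = raw.index(delim + b"\r\n") + len(delim) + 2  # just past the first boundary line
    return raw[start:raw.index(delim, start)]            # up to the CRLF before the next boundary

def compare_copies(sent: bytes, received: bytes) -> dict:
    """Compare the signed bytes of two copies of one message (Sent folder vs. recipient)."""
    a, b = signed_part(sent), signed_part(received)
    report = {"sent_sha256": hashlib.sha256(a).hexdigest(),
              "received_sha256": hashlib.sha256(b).hexdigest(),
              "identical": a == b, "offset": None}
    if a != b:
        n = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
        report.update(offset=n, sent_context=a[max(0, n - 16):n + 16],
                      received_context=b[max(0, n - 16):n + 16])
    return report

# Constructed sample: a signed HTML body whose footer ends in &nbsp;, as in the report.
# The signature part is a placeholder; only the signed first part matters here.
def make_sample(body: bytes) -> bytes:
    return (b'Subject: test\nMIME-Version: 1.0\n'
            b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\n'
            b' micalg=sha-256; boundary="b1"\n\n'
            b'--b1\nContent-Type: text/html; charset=UTF-8\n\n'
            + body +
            b'\n--b1\nContent-Type: application/pkcs7-signature\n\nPLACEHOLDER\n--b1--\n')

SENT = make_sample(b'<p>Hi</p><a href="https://example.invalid">site</a>&nbsp;')
# Hypothetical alteration, only to exercise the comparison; the report does not
# establish which bytes actually change between sending and delivery.
RECEIVED = make_sample(b'<p>Hi</p><a href="https://example.invalid">site</a>\xc2\xa0')

if __name__ == "__main__":
    for key, value in compare_copies(SENT, RECEIVED).items():
        print(f"{key}: {value}")
```

To use it on a real case, pass the raw message source of both copies (read in binary mode) to `compare_copies`; the byte context around the reported offset shows what differs in the signed part.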

Component: Untriaged → Security: S/MIME
Product: Thunderbird → MailNews Core
Severity: -- → S3
Priority: -- → P2
Whiteboard: ketb-needs-analysis keth-broken-feature
Summary: S/MIME Digital Signature Not Valid (does not match message content) 102.1.0 → Thunderbird 102 produceds invalid S/MIME Digital Signatures with certain footer-signatures (involving &nbsp;)
Whiteboard: ketb-needs-analysis keth-broken-feature → ketb-needs-analysis ketb-broken-feature
Summary: Thunderbird 102 produceds invalid S/MIME Digital Signatures with certain footer-signatures (involving &nbsp;) → Invalid S/MIME Digital Signatures with certain footer-signatures (involving &nbsp;)
Whiteboard: ketb-needs-analysis ketb-broken-feature → tb-crypto-needs-analysis tb-crypto-broken-feature

Is this planned to be fixed? I have been sending invalidly signed emails for a long time now. The problem is unavoidable if you reply to HTML emails containing the elements described in the previous comments.
