Open Bug 1933404 Opened 15 days ago Updated 15 days ago

Please add support for S/MIME certificates with non-ASCII email addresses

Categories

(MailNews Core :: Security: S/MIME, enhancement)

enhancement

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: adriano.santoni, Unassigned)

Details

Actual results:

As of today, TB does not support a type of S/MIME certificates that is however expressly provided for by the Mozilla Root Store Policy [1], namely S/MIME certificates in which the owner's email address, in the SAN extension, is not found in an rfc822Mailbox element (as is usually the case) but in an SmtpUTF8Mailbox element. In the face of such a certificate, TB not only does not display the certificate details correctly (the email address is displayed as "not supported"), but is not even able to validate a correctly signed S/MIME email with such a certificate (presumably because of the first problem). It should also be kept in mind that such an email address can also contain non-ASCII characters.

[1] https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/

Component: Security: PSM → Security
Product: Core → Thunderbird
Component: Security → Security: S/MIME
Product: Thunderbird → MailNews Core
You need to log in before you can comment on or make changes to this bug.