Open Bug 200710 Opened 21 years ago Updated 2 years ago

email address displayed in message security does not match From: address when cert has multiple addresses

Categories

(MailNews Core :: Security: S/MIME, defect)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
Other Branch
Type:
defect

Tracking

(Not tracked)

People

(Reporter: jmdesp, Unassigned)

Details

(Whiteboard: [kerh-coz]) 

Steps for reproduction :

- Import a cert with multiple email adresses
- Sign a message with this cert in an account whose address is not the first
address of the list of addresses included in the cert
- Read message with a build that includes fix for bug 50823 (post 4/4/2003)
- The signature is checked valid
- Click on the pen icon to get the message security window
- The address displayed in Email Adress is the first of the list of addresses
inside the cert, and NOT the one the message comes from.

This is confusing for users. 
Either the adress displayed should match the one the email comes from, or all
the addresses present in the cert should be displayed.

As there is currently no way for users to see the full list of emails included
inside a certificate (the extension with that information is only displayed as
raw hex data in the certificate manager, and it's available nowhere else), I'd
be in favor of the second solution.
Somewhat related to http://bugzilla.mozilla.org/show_bug.cgi?id=188320 (focused
on encryption of sent messages) while this here is concerned with the congruence
of the signature with the "from" field
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Product: PSM → Core
Whiteboard: [kerh-coz]
QA Contact: bmartin → s.mime
Product: Core → MailNews Core
Severity: minor → S4
You need to log in before you can comment on or make changes to this bug.