Closed Bug 252250 Opened 20 years ago Closed 16 years ago

Incorrect handling of S/MIME keys with multiple identities (need UI for per-identity cert settings)

Categories

(Thunderbird :: Account Manager, enhancement, P3)

Product:
Thunderbird
Component:
Account Manager
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Thunderbird 3.0b2

People

(Reporter: bernhard.valenti, Assigned: mkmelin)

References

Details

(Whiteboard: [fixed by bug 455310])

Attachments

(2 files, 16 obsolete files)

Account Management Dialog, Security entry
69.08 KB, image/jpeg
Details
this shows the new security tab in the edit identites dialog
41.41 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a2) Gecko/20040709 Firefox/0.9.0+
Build Identifier: Thunderbird version 0.7 (20040616)

i have several email addresses and want to use S/MIME for signature/encryption
with them. 0.7 adds that multiple addresses for one account option, and when i
add all my email addresses to one account i can only send signed/encrypted mail
from one account(the primary).

for the others i get:

"You need to set up one or more personal certificates before you can use this
security feature. Would you like to learn how to do this now?"

when selecting sign or encrypt. so it looks like thunderbird doesnt find the
keys for that From address.

note: i do have a seperate key for each of my email addresses, and i have them
imported in thunderbird and they are working if i use seperate accounts for each
of them.

Reproducible: Always
Steps to Reproduce:
1. import s/mime keys for your multiple email addresses
2. add those email addresses to a single account
3. select sign or encrypt in compose window with the non-primary address of that
account in the From header

Actual Results:  
"You need to set up one or more personal certificates before you can use this
security feature. Would you like to learn how to do this now?"

Expected Results:  
thunderbird should select the right s/mime key to use.
You've to assign the prefs encryption_cert_name and encryptionpolicy for the
additional identities by hand in prefs.js/user.js.

The basic problem is that there's no UI for additional identities except the
ones from the accounts main panel like name and email address.

Though this lack is obvious I couldn't find an already existing bug for this.
Bug 235762 is only for situations where values for each additional identity can
be the same.
Status: UNCONFIRMED → NEW
Ever confirmed: true
I just tried what Christian suggested. I can select sign/encrypt now and send
the mail, but because my 3 certificates have the exact same name, thunderbirds
signs the mail only with one of the keys(always the same). So mail from 2
identities get signed with the wrong key. Maybe thunderbird should use the
serial of the certificate as this is unique, or be smart and read the subject
emailaddress from the certficates. 
> I can select sign/encrypt now and send the mail, but because my 3 certificates
> have the exact same name, thunderbirds signs the mail only with one of the
> keys(always the same). So mail from 2 identities get signed with the wrong
> key.

You're right here. The SN is shown when selecting a cert in the UI, but it's not
written in the pref.

Since every bug should only address one issue, you should decide which one this
bug should address: UI for additional other fields than name and mail address or
unique cert descriptions in prefs.
Another bug should be filed for the other issue.

> or be smart and read the subject emailaddress from the certficates.

Beware! Firstly email address in subject is deprecated (better place it in
subjectAltName) and secondly a cert isn't required to have an email address at all.
OS: Windows XP → All
Hardware: PC → All
I have a similar issue.  The primary identity for my account doesn't use S/MIME,
but the secondary one does.  I'd like a GUI way to do this, similar to the way
Enigmail does for OpenPGP.
I use two "identities" mere to be able to use two separate signature files
(personal & business). All other info under "Manage Identities > Edit" is the
same (name, e-mail,..).

I have *one* Thawte digital certificate for my *one* e-mail address.

At home, my personal-signature identity is the default (primary), at work my
business-signature identity is the default.

Whenever I switch identities while composing a message (e.g., I'm sending a
business e-mail from home), I can no longer sign the e-mail. :(

So either the "Manage Identities" needs to allow editing *all* the same settings
as a regular identity (i.e., Server settings, copies&folders, ...), or it needs
to at least include the "Security" settings (even if it's just a checkbox: [x]
Use same security settings as for primary identity).

If only bug 73567 were fixed. :-\
(In reply to comment #5)
> Whenever I switch identities while composing a message (e.g., I'm sending a
> business e-mail from home), I can no longer sign the e-mail. :(

A complete UI for multiple identities would be the best, agreed.
But doesn't help what I wrote in comment #1? If I create two identities with the
same e-mail address and name but different signature, I can manually asign the
pref keys and mails composed with both identities.
*** Bug 261155 has been marked as a duplicate of this bug. ***
Looking forward to this being resolved as I suffer from the same problem - and
here in Denmark we actually have official SMIME certs issued, so I can use it to
communicate with the state and such - so I'd ofcourse like to having it work,
for other than my primary (as I need to have seperate certs for my company
address and for my personal address).
Depends on: 262300
Editing these prefs will be a little easier with trunk builds and TB 1.1, which 
have the "about:config" advanced options configuration window.  But a real UI in 
the identity manager is clearly desirable.
Severity: normal → enhancement
Summary: Incorrect handling of S/MIME keys with multiple identities → Incorrect handling of S/MIME keys with multiple identities (need UI for per-identity cert settings)
Version: unspecified → Trunk
*** Bug 264920 has been marked as a duplicate of this bug. ***
*** Bug 293246 has been marked as a duplicate of this bug. ***
Blocks: 278549
*** Bug 294704 has been marked as a duplicate of this bug. ***
*** Bug 306955 has been marked as a duplicate of this bug. ***
*** Bug 345801 has been marked as a duplicate of this bug. ***
QA Contact: account-manager
There is also no provision to  provide functionality to attach Public Key of an X.509 signature - So there is no way you can ever use encryption functionality.

The nature function of 2.0 show no advancement in S/MIME handling. They provide importation and signing of a message of a singular account. Enigmail addition only provide PGP handling wich in NOT in linut with ITU standards 

http://mysite.verizon.net/ambur/x509.htm.
(In reply to comment #17)
> There is also no provision to  provide functionality to attach Public Key of an
> X.509 signature - So there is no way you can ever use encryption functionality.
> 
> The nature function of 2.0 show no advancement in S/MIME handling. They provide
> importation and signing of a message of a singular account. Enigmail addition
> only provide PGP handling wich in NOT in linut with ITU standards 
> 
> http://mysite.verizon.net/ambur/x509.htm.
> 

(In reply to comment #17)
> There is also no provision to  provide functionality to attach Public Key of an
> X.509 signature - So there is no way you can ever use encryption functionality.
> 
> The nature function of 2.0 show no advancement in S/MIME handling. They provide
> importation and signing of a message of a singular account. Enigmail addition
> only provide PGP handling which in NOT in line with ITU standards. The whole standard needs review in what functionality needs to be provided by an innate package.
> 
> http://mysite.verizon.net/ambur/x509.htm.
> 


(In reply to comment #1)
> You've to assign the prefs encryption_cert_name and encryptionpolicy for the
> additional identities by hand in prefs.js/user.js.

This doesn't work.

(In reply to comments #2 and #19)

I have successfully installed S/MIME certificates for different identities on one account, and I have also succeeded to change the names of my certificates in order to facilitate their selection in the preferences. I will just give here a pedagogic summary of what I did, in the hope that this may be helpful to others.
What I describe below works at least with Thunderbird 1.5.0.9 and Thunderbird 2.0.0.4 under Linux.

1.) I got my S/MIME e-mail certificates from Thawte (as Freemail Member) and downloaded them using Firefox. From Firefox, I made a backup of the certificate in a PKCS#12 file (say, "certificate.p12").

2.) In principle, I could directly have imported the file "certificate.p12" from Thunderbird, but I wanted to have a user-friendly name for the certificate. So I first used OpenSSL to convert the certificate file (under Linux, but this can probably also be done in other operating systems where OpenSSL can be installed). I called

  openssl pkcs12 -in certificate.p12 -out certificate.pem

which converted the certificate to the PEM format. Afterwards I converted back to PKCS#12 using

  openssl pkcs12 -export -in certificate.pem -out certificate-new.p12 \
  -name "my@e-mail.de"

where "my@e-mail.de" stands for my e-mail address in the certificate and has been chosen by me for the new name of the certificate. (I found it convenient to have the name of the certificate identical to the e-mail address.)
There is also a short of the this double conversion, piping the PEM output instead of writing it to a file:

  openssl pkcs12 -in certificate.p12 | openssl pkcs12 -export \
    -out certificate-new.p12 -name "my@e-mail.de"

Changing certificate names like described here also permits to avoid name clashes as described in comment #2.

3.) I imported the new certificate file "certificate-new.p12" from Thunderbird using the Import function in Preferences -> Advanced -> Certificates -> View Certificates -> Your Certificates (in Thunderbird 2.0.0.4). In the list there, it appears with the "common name" ("Thawte Freemail Member" in my case), but when viewing its details, the certificate viewer displays the chosen "friendly name" ("my@e-mail.de") in the window title.

4.) In order to select this certificate for signing and encrypting with an identity which is not the primary identity of an account, one can edit the "prefs.js" file or use the config editor in Preferences -> Advanced -> General. The correct identity can easily be found by filtering e.g. with "useremail". Provided that the idendity is configured in the entries mail.identity.id2.*, the  following settings are relevant:

  mail.identity.id2.encryption_cert_name
  mail.identity.id2.encryptionpolicy
  mail.identity.id2.sign_mail
  mail.identity.id2.signing_cert_name

The encryption_cert_name and the signing_cert_name have to be set to the "friendly name" of the certificate ("my@e-mail.de" in my case). The sign_mail entry is a boolean which specifies whether messages with this identity should be signed by default. And the encryptionpolicy is an integer which specifies in which cases messages should be encrypted by default. Best copy the value of the encryptionpolicy from a primary identity where you have configured it using the account manager.

With all this done, I can perfectly sign and encrypt messages also for secondary identities. Still, I would prefer to have the options for S/MIME signing and encryption in the identity manager, so that one does not have to edit the preferences by hand. I do not understand why OpenPGP/Enigmail integrates in the identity manager and the standard S/MIME security options are still not present there.

(In reply to comment #2)
Thunderbird [now] names them "Cert" and "Cert #2" when the names are duplicated.

(In reply to comment #20)
Comment #2 didn't mention sign_mail, or signing_cert_name, which is why it didn't appear to work.

This bug could probably have been fixed 3 years ago in less than an hour.
With the above information and in respect to the current status of 'enhancement' I do not think 'enhancement' is quite the right severity.

The S/MIME x.509 and SSL handling is a United Nations Resolution of compliance - It is not proprietary to anyone, and the complete handling of all digital certificates along with every countries agreement for the standard was an agreement on on how we Globally deal with acceptable forms of verification - AND PGP is NOT included within the complete discussion and resolutions.

To ignore such and given this bug in its entirety as an "enhancement" priority I find either contemptuous or a total lack of awareness.

Functionality is currently provided to encrypt a so signed message and yet, without "User Tools to attach the private key" - sorry this is a horrible BUG!!!!!!!

ALL RFC pertaining to S/MIME handling and even SSL processing and each country's acceptance criteria can be found at

http://www.pki-page.org/
last updates on June 21st, 2007.

IF Thunderbird would like to join the rest of the worlds standards and therefore ensure its acceptable value to most commercial .GOV  and .MIL use I am sure we would all like to see this as a bug and a suitable priority attached to it. I think this application was long ago ready to jump out of peoples homes and into main stream usage but it will not be accepted by many until this BUG is addressed. In the year 2000 the cut down version of outlook, outlook express in Windows 2000 could perform these simple tasks. Can we please make the jump into corporate, govt, military, law enforcement, etc. etc. etc. by fixing this functional omission please and up the priority to a realistic position. 
Scott, The S/MIME capabilities of Thunderbird and SeaMonkey are HEAVILY 
used by users in .GOV and .MIL already today.  The authors of the S/MIME
code used in mozilla are members of the IETF working groups that define
the standards and some are RFC authors.  So, it's unlikely that there is
some major functionality missing here.

Apparently there is some task that you are having trouble doing, though 
I'm not sure what it is yet.  You are not expressing it in terms commonly 
used throughout the industry.

I think you merely need to ask for help on how to do whatever it is that
you are having difficulty doing.  This bug is not the right place to ask
for help.  Ask for help in the mozilla.dev.tech.crypto newsgroup.  
Refer off-line correspondence from bernd-jantzen.de. and reply.
I have no current issue in using current functionality - or I would be asking an email list. But thank you for the thought! 


Refer off-line correspondence from bernd-jantzen.de. and reply.
I have no current issue in using current functionality - or I would be asking an email list. But thank you for the thought! 


I am very disappointed that in the new release of Thunderbird and enigmail that we cannot still offer the same GUI functionality afforded to S/MIME that we give to PGP. There is still NO apparent way of attaching your public key to send the recipient so that they can import it via GUI and thus facilitate further encrypted messages.

Therefore less than half the functionality of an S/MIME certificate is available as of this date. With respect to comment 23 - Off course organisations who have all users with X 5.09 certificates sending encrypted email is not an issue as they already have the CA's encryption/signing capabilities. This being the case even I can encrypt an email to ANY other user who has a thwate or Verisign (same company) digital certificate. Because a recipient has a similar CA's decryption algorithm there is no requirement to send it. The signature algorithm is different, however the decryption algorithm is NOT.If we all had thwate freemail certificates we can immediately send encrypted emails. If the user does NOT be need to send the 
1. attach the decryption key and
2. give the recipient the ability to import it simply

So in conclusion where an organisation all have 1 CA X 509 certificate - there is no issue for that organisation.

It is clearly apparent that Thunderebird and enigmail completely relies on PGP functionality.

ALL I am suggesting is we give equal weight to the World standard X 5.09 rather than PGP - Its a big world market out there and to ignore ISO standards we just make up the rules as we go - There IS life outside North America and ISO standards are there for a reason and if you want the EU to use Thunderbird I humbly suggest we take a clear look at X 5.09 as there is so much more to just digital signing and encryption - There is also S/MIME standard for digital receipt that recipients cannot stop if requested as they are auto processed via opening a X 509 digitally signed and X 5.09 receipt notification and tracking.

Please forgive my passion, but the authors of Thunderbird and Enigmail are just ignoring the one world - 1 standard, without which we just have confusion as above. As such we have failed and hence reclassified as lack of functionality with no workaround == bug
Attn QA please alter priority to Minor BUG due above reasoning
(In reply to comment #26)

Scott, this bug is about the missing GUI for configuring signing and encryption certificates to secondary identities. We have clarified that this functionality is present by using the config editor and editing the preferences by hand (see my comment #20). The purpose for this bug still being open is that we are waiting for suggestions how to include choosing certificates for secondary identities in the Thunderbird GUI, and for someone willing to write a patch for this.

This bug is NOT about missing S/MIME functionality of Thunderbird. If you think that S/MIME functionality is missing or that Thunderbird treats S/MIME issues incorrectly, you should open a new bug for exactly that subject. It does not help the purpose of this bug here if you fill the comments with your remarks about another subject.

By the way, I do not agree with you about missing functionality in attaching and importing public keys. When you send someone a message signed with your S/MIME certificate, then your public key is automatically attached to this message together with the signature. And when you receive a signed message, the public key of the sender is automatically saved in your "Other people's certificates" list. (Provided that Thunderbird knows the CA which has issued the certificate; otherwise you first have to import the CA's certificate.)

Atten QA please delete comments 26 - 28 and cross reference with new bug reports. - Many thanks and apologies for for wandering off into a different tangent in 1 bug issue.

Cheers
Scott,  You apparently don't know how to accomplish the tasks you wish to 
accomplish using S/MIME.  You're presuming that the tasks cannot be done,
because you do not know how to do them.   You should go to the newsgroups 
first, and ASK "how do I do this?".  You might be amazed at what you will 
learn.  But the bugzilla bug tracking system is not the place for you to 
learn about Thunderbird UI.

Frankly, comment 26 is insulting. The developers of the S/MIME code used 
in Thunderbird were among the leading proponents and developers of the S/MIME 
standard itself.  S/MIME is not a second-class citizen in Thunderbird.  It is 
supported in the base product itself, unlike enigmail, which is an add on.  

BTW, the enigmail addon is known to cause certain problems for S/MIME in 
Thunderbird.  After installing enigmail, users report that Thunderbird no 
longer recognizes s/MIME signatures.  This reportedly continues even after
enigmail is uninstalled.  The solution seems to require creating a new 
clean profile.  If that upsets you, take it up with the enigmail developers.  
It is the addon developers' responsibility to make their addon work without
damage to the base product's functionality.
Agree with all above - wither Bernhard's testing of different platform recipients I will soon publish how to
1. Import that public Encryption key of every S/MIME signed message when received by different clients - Yes this does enable encryption and at the moment I eat humble pie 
Hi, I wrote a patch against Thunderbird 2.0.0.6 (Ubuntu 7.10), which might be useful.
I needed to add a string into messenger/am-identity-edit.dtd called 
 <!ENTITY securityTab.label "S/MIME">
.
Please find the patch (a "diff -C3 -N -r old new") attached.

I'm note sure whether storing and updating is handled best but it works for me.
Attachment #296322 - Attachment description: Adds a S/MIME Tab to identity management of accounts → Adds a S/MIME Tab to identity management of accounts. Written agains Thunderbird 2.0.0.6 (Ubuntu 7.10)
Attachment #296322 - Attachment description: Adds a S/MIME Tab to identity management of accounts. Written agains Thunderbird 2.0.0.6 (Ubuntu 7.10) → Adds a S/MIME Tab to identity management of accounts. Written agains Thunderbird 2.0.0.6 (Ubuntu 7.10). It basically moves am-smime.xul into am-smimeOverlay.xul and makes some adaptive changes to am-smime.xul, am-smime.js, am-identity-edit.xul, am-ident
Please make that a unified diff standing in the mozilla dir (and from the cvs HEAD) - something like

cvs diff -up9

When I uploaded my last patch I thought it would be easy the patch sources from this. This was not true as the smime module is packed as an extension and therefore one could not just edit am-identity-edit.xul adding smime.

Nevertheless I'm proud to announce that the result of my todays work is an smime overlay which compiles with current cvs from thunderbird and works for me.
I also tested creation of new identities filling in s/mime fields at once.

As I added a few files, I used  cvs diff -Nup9 to create the patch instead of the proposed cvs diff -up9 .
Attachment #296322 - Attachment is obsolete: true
Attachment #296721 - Attachment description: required by last submitted patch → am-smimeOverlay.js
These four files are required by the patch. My cvs diff did not include them.
Attachment #296721 - Attachment description: am-smimeOverlay.js → mail/extensions/smime/content/am-smimeOverlay.js
Attachment #296722 - Attachment description: am-smimeOverlay.xul → mail/extensions/smime/content/am-smimeOverlay.xul
Attachment #296723 - Attachment description: am-smimeIdentityEditOverlay.xul → mail/extensions/smime/content/am-smimeIdentityEditOverlay.xul
Attachment #296724 - Attachment description: am-smimeIdentityEditOverlay.js → mail/extensions/smime/content/am-smimeIdentityEditOverlay.js
To get the files included in the patch, install the cvsutils package and do a "cvsdo add <file>" for each of them before doing the diff.
if i execute "cvs add ..." in the correct directory I get a 
"cvs [server aborted]: "add" requires write access to the repository"

if i execute a "cvs diff -up9 ..." or "cvs diff -up9 --new-file ..." I get
"cvs diff: I know nothing about am-smimeOverlay.js"
.
Attachment #296720 - Attachment is obsolete: true
Attachment #296721 - Attachment is obsolete: true
Attachment #296722 - Attachment is obsolete: true
Attachment #296723 - Attachment is obsolete: true
Attachment #296724 - Attachment is obsolete: true
Here comes the new, complete patch after applying cvsdo add .
Please attach to this bug an image file (e.g. jpg, png) showing what the 
new/modified windows look like.

Questions: do these changes work with, or have any effect on, SeaMonkey?
It's important that they not break, or have detrimental effect on, SeaMonkey.
This shows the security entry in the account manager, which should not have changed in look and feel though in implementation.
This shows the new security tab in the edit identites dialog.
Note this uses the same overlay as the security entry in the account management dialog.
I'm not sure about side effects as there is another am-smime.js in the subtree of mailnews. I only edited the part in the mail subtree but i still have to find out why there are two different versions.
It also confuses me that the jar.mn in the mail subtree includes some files from the mailnews subtree so why weren't all files included from over there?

I looked through the code and even compiled and tested seamonkey.
I am now convinced that there are no side effects of this patch to seamonkey, as the changed stuff only applies to thunderbird and is not used by seamonkey.
I did run into trouble with the last patch as the new files did not include the correct path settings. This got corrected with this patch.

Additionally, I added the mozilla licence header to the new files (some were missing them) add synced the function askUser with the one of the seamonkey project, which had a patch applied concerning askUser.
Attachment #296730 - Attachment is obsolete: true
(meaning the patch included a 
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ am-smimeIdentityEditOverlay.xul     12 Jan 2008 19:04:18 -0000

instead of a
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ mail/extensions/smime/content/am-smimeIdentityEditOverlay.xul       13 Jan 2008 12:26:34 -0000
)

Thanks for working on this! A few quick comments about the patch, and yes I realize at least some of it is from code you're just reusing... 

 - shouldn't use alert() in the catch -> just use dump()
 - remove trailing spaces and spaces on empty lines
 - if else, no need for { } if it's just a single line - otherwise follow conventions
 - indenting: follow the conventions in the file, for new files we prefer two space indention - fix where incorrect
 - keep lines at 80 chars were reasonable
 - securityTab.label should probably go first in the file (for logical reasons)
 - no need for "....", and at least some comment sentence needed capitalization of first letter
 - make the disableIfLocked function comment /** */ style

After fixing those, ask for review by setting the proper flags on the attachment. See http://developer.mozilla.org/en/docs/Getting_your_patch_in_the_tree
Assignee: mscott → 1ac7b2edaa08e4edd3334c5dc4b966af
should fix all the style issues
Attachment #296817 - Attachment is obsolete: true
Attachment #297132 - Flags: superreview?(mscott)
Attachment #297132 - Flags: review?(mscott)
changes as requested in bug 278549
Attachment #297132 - Attachment is obsolete: true
Attachment #297132 - Flags: superreview?(mscott)
Attachment #297132 - Flags: review?(mscott)
Comment on attachment 297193 [details] [diff] [review]
Adds a S/MIME Tab to identity management of accounts

it's the same stuff written agains thunderbird.
Attachment #297193 - Flags: superreview?(neil)
Attachment #297193 - Flags: review?(neil)
Same changes as for bug [278549].
Attachment #297193 - Attachment is obsolete: true
Attachment #297325 - Flags: superreview?(neil)
Attachment #297325 - Flags: review?(neil)
Attachment #297193 - Flags: superreview?(neil)
Attachment #297193 - Flags: review?(neil)
Attachment #297325 - Attachment description: Adds a S/MIME Tab to identity management of accounts → Adds an S/MIME Tab to identity management of accounts
Attachment #297325 - Attachment description: Adds an S/MIME Tab to identity management of accounts → Adds an S/MIME tab to identity management of accounts
Comment on attachment 297325 [details] [diff] [review]
Adds an S/MIME tab to identity management of accounts

I don't do Thunderbird reviews, although you would probably find you get a faster Thunderbird review once you get review for bug 278549.
Attachment #297325 - Flags: superreview?(neil)
Attachment #297325 - Flags: review?(neil)
Attachment #297325 - Flags: review?(bienvenu)
Note: If you dislike whitespace changes, have a look at one of the first patches.
If you dislike js functionality of different dialogs to be merged into a single file, have a look at a middle patch.
some "style" issues
Attachment #297325 - Attachment is obsolete: true
Attachment #297325 - Flags: review?(bienvenu)
for some reason cvs diff did not include the new files last time. here they are.
Attachment #302862 - Attachment is obsolete: true
Attachment #302869 - Flags: superreview?(bienvenu)
Attachment #302869 - Flags: review?(mscott)
fixed idention for some lines in a new if-block.
Attachment #302869 - Attachment is obsolete: true
Attachment #303225 - Flags: superreview?
Attachment #303225 - Flags: review?
Attachment #302869 - Flags: superreview?(bienvenu)
Attachment #302869 - Flags: review?(mscott)
Attachment #303225 - Flags: superreview?(bienvenu)
Attachment #303225 - Flags: superreview?
Attachment #303225 - Flags: review?(mscott)
Attachment #303225 - Flags: review?
remove the mail address from the security tab
Attachment #296801 - Attachment is obsolete: true
same changes as for bug #278549
Attachment #303225 - Attachment is obsolete: true
Attachment #304087 - Flags: superreview?
Attachment #304087 - Flags: review?
Attachment #303225 - Flags: superreview?(bienvenu)
Attachment #303225 - Flags: review?(mscott)
Attachment #304087 - Flags: superreview?(bienvenu)
Attachment #304087 - Flags: superreview?
Attachment #304087 - Flags: review?(mscott)
Attachment #304087 - Flags: review?
Comment on attachment 304087 [details] [diff] [review]
Adds an S/MIME Tab to identity management of accounts

Will soon be replaced with the results of the seamonkey discussion.
Attachment #304087 - Attachment is obsolete: true
Attachment #304087 - Flags: superreview?(bienvenu)
Attachment #304087 - Flags: review?(mscott)
Flags: wanted-thunderbird3?
Flags: wanted-thunderbird3? → wanted-thunderbird3+
No longer blocks: 278549
Depends on: 278549
Comment on attachment 296322 [details] [diff] [review]
Adds a S/MIME Tab to identity management of accounts.

Attachment description too long.

Original description: Adds a S/MIME Tab to identity management of accounts.
Written agains Thunderbird 2.0.0.6 (Ubuntu 7.10).
It basically moves am-smime.xul into am-smimeOverlay.xul and makes some adaptive changes to am-smime.xul, am-smime.js, am-identity-edit.xul, am-identity-edit.js and messenger/am-identity-edit.dtd.

New description:
Adds a S/MIME Tab to identity management of accounts.
Attachment #296322 - Attachment description: Adds a S/MIME Tab to identity management of accounts. Written agains Thunderbird 2.0.0.6 (Ubuntu 7.10). It basically moves am-smime.xul into am-smimeOverlay.xul and makes some adaptive changes to am-smime.xul, am-smime.js, am-identity-edit.xul, am-ident → Adds a S/MIME Tab to identity management of accounts.
1ac7b2edaa08e4edd3334c5dc4b966af@fami-braun.de: can you submit a thunderbird patch corresponding to the final patch of bug #278549?
I've been busy for a while now but am trying to submit it as soon as possible.
I ran into this problem just today with SeaMonkey, using certs for the first time. 
I could work around it by making shutting down SM, hacking prefs.js to make the sub-identity the default, restarting, configuring it as the default, and changing back the prefs. This is slightly easier as a workaround than typing lots of stuff into about:config. ;-)
Blocks: TB2SM
Given that TB and SM share the account manager, which contains/spins off
the respective settings windows, I wonder why this stuff was forked in the first
place? Anyway, SM is already fixed...
No longer blocks: TB2SM
1ac7b2edaa08e4edd3334c5dc4b966af: any update on a thunderbird patch?

Leaving this as wanted-tb3+, setting target milestone to tb3beta2.
Priority: -- → P3
Target Milestone: --- → Thunderbird 3.0b2
Hey, this bug has been files 4 years ago! Obviously encryption has no priority at mozilla.com. I'm very disappointed.
I created bug #455180, marked as a duplicate of this bug.
As H.Goebel, we are very disappointed after know that it bug was reported 4 years late and still don't have fix.
So... Is impossible use this MUA in corporation.
Wating to Thunderbird 3.0

Best regards,
Renato
I have solved this issue by writing a small addon
<https://addons.mozilla.org/de/firefox/addon/8814>

The add essentially consists of about 10 lines of glue code. I ready wonder why nobody at mozilla was able to write this 10 lines. For somebody how knows the program and it's architecture this would have been about 1/2 hours work. For me it took 6 hours, because I had to find my way through the XUL labyrinths.
Depends on: 455310
(In reply to comment #75)
> I created bug #455180, marked as a duplicate of this bug.
> As H.Goebel, we are very disappointed after know that it bug was reported 4
> years late and still don't have fix.

This bug isn't 4 years late, it was reported 4 years ago, and is currently marked as wanted for Thunderbird 3.

We have many bugs in our database that are similar sort of age. We have not always had the time or people avaliable to fix all the bugs.

Anyone is welcome to volunteer to help fix bugs, see http://www.mozillamessaging.com/en-US/getinvolved/#develop

In this case someone has done a patch, but it was only for SeaMonkey, and a Thunderbird version hasn't been provided.

However, having looked at the code, I would rather the difference between SeaMonkey and Thunderbird be unforked rather than doing another copy of the same code. I have therefore raised bug 455310 which would unfork the code and should fix this bug at the same time.
Whiteboard: [prefer bug 455310 to unfork files to fix this]
This add-on, developed by Hartmut Goebel fix this bug!
https://addons.mozilla.org/en-US/thunderbird/addon/8814

Thanks Mr. Goebel!

Regards,
Renato S. Yamane
So sorry, this add-on fix bug #455180

Regards,
Renato
Assignee: 1ac7b2edaa08e4edd3334c5dc4b966af → mkmelin+mozilla
Whiteboard: [prefer bug 455310 to unfork files to fix this] → [will be fixed by bug 455310]
Target Milestone: Thunderbird 3.0b1 → Thunderbird 3.0b2
Bug 455310 landed.
->FIXED
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: [will be fixed by bug 455310] → [fixed by bug 455310]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: