Closed
Bug 293981
Opened 19 years ago
Closed 16 years ago
RFC2634 suggests user undeactivateable S/MIME return receipts if requested
Categories
(MailNews Core :: Security: S/MIME, enhancement)
MailNews Core
Security: S/MIME
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 386313
People
(Reporter: t.schorpp, Assigned: KaiE)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 Yes, I've searched the bugbase. Yes, I'm sure its not a duplicate. S/MIME implementations MUST be able to generate return signed receipt messages. s/mime return receipts are not implemented in mozilla suite, why? S/MIME receipts are digitally signed, as is the request. The S/MIME specification requires compliant clients to honor receipt requests, without including an option to suppress receipts like for ordinary messages. theres no other interpretation of RFC2634. so it should be impl'd soon... Reproducible: Always Steps to Reproduce: 1. send signed mail with return receipt request. you get it from conformant clients. 2. receive signed mail with return receipt req with mozilla. it deliveres the receipt UNSIGNED. 3. Actual Results: you get it from conformant MUA clients. mozilla. it deliveres the receipt UNSIGNED. Expected Results: 1. sign the return receipt. 2. do not allow supression by user if S/MIME request. --------------mdn070205010204010305060003 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit This is a Return Receipt for the mail that you sent to schorpp@schorpp.dyndns.dk. Note: This Return Receipt only acknowledges that the message was displayed on the recipient's computer. There is no guarantee that the recipient has read or understood the message contents. --------------mdn070205010204010305060003 Content-Type: message/disposition-notification; name="MDNPart2.txt" Content-Disposition: inline Content-Transfer-Encoding: 7bit Reporting-UA: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 Final-Recipient: rfc822; schorpp@schorpp.dyndns.dk Original-Message-ID: <4284372E.8040509@gmx.de> Disposition: manual-action/MDN-sent-manually; displayed --------------mdn070205010204010305060003 Content-Type: text/rfc822-headers; name="MDNPart3.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline X-UIDL: a45ce4c04bf044211da16bcc710b1ba2.1115961193.1 X-UIDL: a45ce4c04bf044211da16bcc710b1ba2.1115961193.1 Return-path: <t.schorpp@gmx.de> Envelope-to: schorpp@schorpp.dyndns.dk Delivery-date: Fri, 13 May 2005 05:13:08 +0000 Received: from pop.gmx.net ([213.165.64.20] helo=mail.gmx.net) by tom3.schorpp.dyndns.dk with smtp (Exim 4.50) id 1DWSTp-00041K-PD for schorpp@schorpp.dyndns.dk; Fri, 13 May 2005 05:13:08 +0000 Received: (qmail invoked by alias); 13 May 2005 05:12:25 -0000 Received: from p83.129.182.144.tisdip.tiscali.de (EHLO [192.168.2.100]) [83.129.182.144] by mail.gmx.net (mp002) with SMTP; 13 May 2005 07:12:25 +0200 X-Authenticated: #17142692 Message-ID: <4284372E.8040509@gmx.de> Disposition-Notification-To: thomas schorpp <t.schorpp@gmx.de> Date: Fri, 13 May 2005 07:12:14 +0200 From: thomas schorpp <t.schorpp@gmx.de> Reply-To: t.schorpp@gmx.de User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050420 Debian/1.7.7-2 X-Accept-Language: en MIME-Version: 1.0 To: thomas schorpp <schorpp@schorpp.dyndns.dk> X-Enigmail-Version: 0.91.0.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms090103050504040202060101" X-Y-GMX-Trusted: 0 X-SA-Exim-Connect-IP: 213.165.64.20 X-SA-Exim-Rcpt-To: schorpp@schorpp.dyndns.dk X-SA-Exim-Mail-From: t.schorpp@gmx.de Subject: [Fwd: Hays] X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on tom3.schorpp.dyndns.dk X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=AWL,BAYES_00,HTML_50_60, HTML_MESSAGE,HTML_TEXT_AFTER_BODY,HTML_TEXT_AFTER_HTML, MIME_HTML_MOSTLY autolearn=no version=3.0.2 X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100) X-SA-Exim-Scanned: Yes (on tom3.schorpp.dyndns.dk) --------------mdn070205010204010305060003--
Reporter | ||
Comment 1•19 years ago
|
||
no. some diverting opinions around. the rfc has set this to optional. changed to enhancement. y tom schorpp
Severity: major → enhancement
Comment 2•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
Reporter | ||
Comment 3•19 years ago
|
||
Suggest to leave open.
Summary: RFC2634 requires user undeactivateable S/MIME return receipts if requested → RFC2634 suggests user undeactivateable S/MIME return receipts if requested
Updated•17 years ago
|
QA Contact: s.mime
Comment 4•16 years ago
|
||
Considering the reaction and response that bug 295922 got, I am VERY confident that, if we add the signed return receipt feature to mozilla mail/news, we will absolutely make it something that the user can override and disable. Any other choice would make sending a signed message to someone an invasion of privacy, a way to probe for live mailboxes, whether the user of that mail box wanted to reveal his existence or not. This RFE is a duplicate of bug 386313.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•