Closed
Bug 368775
Opened 18 years ago
Closed 15 years ago
Implement signed receipts feature of SMIME specified in ESS (RFC 2634)
Categories
(MailNews Core :: Security: S/MIME, enhancement)
MailNews Core
Security: S/MIME
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 386313
People
(Reporter: alpha096, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre Build Identifier: version 1.5.0.9 (20060911) An S/MIME X 509 Digital Certificate issues by a CA has many obvious advantages but some are not able to be utilities - Namely Email Tracking. A CA issues Digital Signature allows 1. For the recipient to see if the envelope has been opened or tampered with in transit. 2.It ensures that ONLY the recipient email address can open the Email. 3. Enables tracking of the message by requesting a Digital Receipt. The recipient has NO choice as to weather a security receipt is returned to the signer. You cannot turn off requests for Digital Security receipt as the request in encapsulated in the signing process I believe, anyway NO one can turn off Digital Security Return Receipts - ever. - See Full information is above URL's My request is to provide functionality to enable a Digital Receipt to be requested when sent. The advantage of requesting a Digital Receipt - and this can only be done with S/MIME certificates as that the recipient has NO choice nor is aware that a receipt will be sent back to the sender. ANY change to an S/MIME message where a digital receipt is requested results in the sender being able to track the message. The sender is notified of the following automatically. 1. The message was opened and read on by "users account name" DD/MM/YYYY xxxxxxxxxxxx 2. The message was Deleted without being read on by "user account name " DD/MM/YYYY xxxxxxxxxxxxxxxx 3. The message was opened and forwarded by "user account name" on DD/MM/YYYY xxxxxxx Where xxxxxxx is further information I cannot recall A Digital Receipt is only possible for Version 3 of S/MIME which is significantly dealt with in http://technet.microsoft.com/en-us/library/02deb7c5-89d4-4e15-9300-5fc355ea83a4.aspx and secure receipts dealt with in RFC http://www.ietf.org/rfc/rfc2634.txt Reproducible: Always Steps to Reproduce: 1. 2. 3. This is a significant part of the advantages of paying a vast amount of money for Digital S/MIME certificates by a company and not being able to utile part of the security action which were made available in 1999 when Version 3 specs were formulated. As both a security measure and feature which has been available since MS office 2000 I would trust commercial impact of this enhancement should be treated more as a 'would like to have' Thank you for your consideration Scott
Reporter | ||
Updated•18 years ago
|
Summary: NO current Facility to track secure Email which posses S/MIME X 509 Digital Certificates → NO current Facility to track secure Email which posses S/MIME V3 Digital Certificate
Comment 2•17 years ago
|
||
Maybe the functionality mentioned by Scott here is really missing in Thunderbird. I am not an expert in S/MIME, but I have looked at RFC2634 (http://www.ietf.org/rfc/rfc2634.txt), which states in the introduction to chapter 2: ++ 2. Signed Receipts Returning a signed receipt provides to the originator proof of delivery of a message, and allows the originator to demonstrate to a third party that the recipient was able to verify the signature of the original message. This receipt is bound to the original message through the signature; consequently, this service may be requested only if a message is signed. The receipt sender may optionally also encrypt a receipt to provide confidentiality between the receipt sender and the receipt recipient. ++ I have found this feature in MS Outlook: There, when sending a message, one can choose in the security settings "Request S/MIME receipt for this message". I have sent such signed (plain-text or encrypted) messages, requesting a signed receipt, from Outlook. Then, when I receive and read these messages with Thunderbird, nothing special happens (I can read the messages, and Thunderbird correctly verifies the S/MIME signature.). In particular, no receipt arrives at the account in Outlook. Only at the moment when I receive and read this message with Outlook, a signed return receipt is generated and sent back to the sender address. Then, from Outlook, I can read this receipt which states that the message was read and the signature was verified. By the way, I cannot read this S/MIME receipt with Thunderbird: Thunderbird states that it cannot decrypt the receipt because the private key needed is not installed. (But I have installed the same private keys in Thunderbird and in Outlook.) The other way round, when I send a signed (and eventually encrypted) message with Thunderbird and select the "Return Receipt" option, Thunderbird simply asks for as usual return receipt, not for a signed one. Summarizing, it seems to me that: * Thunderbird does not provide the possibility to request an S/MIME return receipt. * Thunderbird does not correctly react to an arriving message which asks for an S/MIME receipt. * Thunderbird is not able to open and read S/MIME receipts. Of course, it could be that all this is some feature proprietary to Microsoft. But it seems to me (cf. RFC2634) that this indeed is a standard, which obviously Thunderbird has not implemented yet. [I am using the official Thunderbird 2.0.0.6 version. Maybe some new functionality is already included in newer CVS versions?]
Reporter | ||
Comment 3•17 years ago
|
||
Perhaps in light of Summarizing, it seems to me that: * Thunderbird does not provide the possibility to request an S/MIME return receipt. * Thunderbird does not correctly react to an arriving message which asks for an S/MIME receipt. We need to correctly handle the message firstly. In respect to proprietary to Microsoft the answer is NO The S/MIME receipt is ISO both in sending and requesting More information in http://www.pki-page.org/ http://mysite.verizon.net/ambur/x509.htm The X 5.09 standard that we all use was outline by the united nations and such all S/MIME X 5.09 ISO is NOT proprietary. If you require further references if these are no of value let me know and will dig
Updated•15 years ago
|
Assignee: dveditz → nobody
Status: UNCONFIRMED → NEW
Component: Security → Security: S/MIME
Ever confirmed: true
OS: Linux → All
Product: Thunderbird → MailNews Core
QA Contact: thunderbird → s.mime
Hardware: x86 → All
Summary: NO current Facility to track secure Email which posses S/MIME V3 Digital Certificate → Implement signed receipts feature of SMIME specified in ESS (RFC 2634)
Version: unspecified → Trunk
Updated•15 years ago
|
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•