Open Bug 442448 Opened 16 years ago Updated 2 years ago

Incorrect handling of S/MIME signatures when forwarding


(MailNews Core :: Security: S/MIME, defect)




(Reporter: fommil, Unassigned)




(2 files)

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-gb) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
Build Identifier: 

Thunderbird supports S/MIME encryption and signing of messages using, for example, "Personal E-Mail Certificates" from Thawte

This describes a bug regarding the forwarding of digitally signed messages.

Consider a setup which has 3 people. The first person sends a digitally signed message to the second person, who then forwards the message on to a third person. If Thunderbird is the second person's e-mail client, then the third person will receive a warning (tested in Thunderbird, Outlook or Apple Mail) along the lines of "unable to verify message signature".

What is happening is that Thunderbird is forwarding the first person's signature along with the message and then the third person is seeing that as the signature attached to the second person's message, which obviously fails.

Reproducible: Always

Steps to Reproduce:
1. forward a digitally signed message to a third party

Actual Results:  
the original signature is carried along and associated with the new message, and the recipient receives a failure warning

Expected Results:  
no failure message on the recipient's client

The digital signature would not be carried through, or the e-mail would give a hint to the receiving client that the signature is attached to the forwarded message, not to the entire message itself.

Seems to work for me, with trunk Thunderbird: if I forward inline the signature isn't forwarded; if I forward as an attachment, the signature is (correctly) retained, and the outer mail doesn't claim to be signed, while the attachment has a valid signature (though I don't see any way to discover that an attached email is signed, valid or invalid).

I'm more than willing to believe it happens, but we're missing something about what person two does, or uses.

I'll try to work out the exact series of events. I am usually the first or third person in this story, and hence end up seeing the validity errors.

I have confirmed this behaviour in both

User-Agent: Thunderbird (Windows/20080421)
User-Agent: Thunderbird (Macintosh/20080421)

Here is the test case, using 2 e-mail addresses with Thawte signatures (you could probably use 1, but I was unable to pick up mail-to-self in a Google Mail POP3 account):

- person 1 (Apple Mail in my case) sends a digitally signed e-mail to person 2
- person 2 receives the mail (in Thunderbird) and forwards it back to person 1
- person 1 receives the mail along with the "verification failed" message.

I have attached 2 files. first.eml is the message that person 2 receives and second.eml is the forwarded message that the 3rd (or 1st here) person receives. Note that second.eml fails the verification test.

It may well be that Thunderbird is altering the original message somehow!

Ah. That seems like a bug, their equivalent of our bug 156546. Thunderbird's forward-as-attachment has content-disposition: inline, and while Thunderbird sees the result as an outer mail (which may or may not be signed by person 2) and an inner one which is displayed inline but also shown as an attachment that can be opened separately, which then shows the valid signature from person 1, says inline means inline only, and if person 2 didn't sign their forward, acts as though there's no signature at all, but if person 2 did sign, it objects to person 1's signature being invalid.

If person 2 is actually a single person, you can work around that by having them set the hidden pref mail.content_disposition_type to either 1 (attach everything as content-disposition: attachment) or 2 (attach everything except text/plain as attachment), though that may result in some clients not showing some attachments inline that they otherwise would.
Depends on: 65794
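To make the structure described in the comment above visible without a mail client, here is an added example (not part of the bug thread, and not Thunderbird code). It builds the three-person scenario with Python's standard email library: person 1's message is multipart/signed, person 2 forwards it as a message/rfc822 part with either Content-Disposition: inline (Thunderbird's default, per the comment) or attachment (the mail.content_disposition_type=1 workaround), optionally signing the forward too; the result is serialised and re-parsed as a recipient would, and a small check reports which part actually carries a signature. The addresses, subjects and the detached "signature" bytes are constructed placeholders, not real certificates or CMS data, so nothing here verifies a signature; it only shows where each signature hangs.

```python
"""Where is the signature? Walk a forwarded message and report which MIME
parts are S/MIME-signed and what Content-Disposition they hang off.

Added example for this bug, not Thunderbird code. Messages are built inline
with the standard library; the detached signature is a placeholder byte
string, not a real CMS/PKCS#7 blob, so nothing here verifies anything.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

SIGNED_TYPES = {"multipart/signed", "application/pkcs7-mime"}
# Constructed placeholder, NOT a real signature.
FAKE_SIGNATURE = b"\x30\x82placeholder-not-a-real-CMS-signature"
# Constructed addresses for the three-person scenario in the report.
PERSON1, PERSON2, PERSON3 = "one@example.org", "two@example.org", "three@example.org"


def sign_part(content: EmailMessage) -> EmailMessage:
    """Wrap a MIME part in multipart/signed with a (placeholder) detached signature."""
    sig = EmailMessage(policy=policy.SMTP)
    sig.set_content(FAKE_SIGNATURE, maintype="application",
                    subtype="pkcs7-signature", filename="smime.p7s")
    signed = EmailMessage(policy=policy.SMTP)
    signed["MIME-Version"] = "1.0"
    signed["Content-Type"] = ('multipart/signed; protocol="application/pkcs7-signature"; '
                              'micalg=sha-256')
    signed.set_payload([content, sig])  # boundary is generated at serialisation time
    return signed


def make_signed_message(sender, to, subject, text):
    """Person 1's original: a signed text/plain mail."""
    body = EmailMessage(policy=policy.SMTP)
    body.set_content(text)
    msg = sign_part(body)
    msg["From"], msg["To"], msg["Subject"] = sender, to, subject
    return msg


def forward_as_attachment(original, sender, to, disposition, sign_forward):
    """Person 2's forward: a short note plus the original as a message/rfc822 part.

    `disposition` is the Content-Disposition put on that part ("inline" is what
    the comment above says Thunderbird emits; "attachment" is the
    mail.content_disposition_type=1 workaround). `sign_forward` is whether
    person 2 signs the forward as well.
    """
    body = EmailMessage(policy=policy.SMTP)
    body.set_content("Forwarding the message below.")
    body.add_attachment(original, disposition=disposition)  # message/rfc822 part
    msg = sign_part(body) if sign_forward else body
    msg["From"], msg["To"] = sender, to
    msg["Subject"] = "Fwd: " + str(original["Subject"])
    return msg


def describe(msg):
    """Report whether the outer mail is signed and, for every attached message,
    its disposition and whether *that* message is signed. This is the check a
    recipient client does not show you."""
    attached = []
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            attached.append({
                "disposition": part.get_content_disposition(),
                "signed": inner.get_content_type() in SIGNED_TYPES,
                "subject": str(inner["Subject"]),
            })
    return {"outer_signed": msg.get_content_type() in SIGNED_TYPES,
            "attached": attached}


def describe_forward(disposition="inline", sign_forward=False):
    """Build the scenario, serialise, re-parse as a recipient would, and describe it."""
    original = make_signed_message(PERSON1, PERSON2, "signed original", "Hello from person 1")
    fwd = forward_as_attachment(original, PERSON2, PERSON3, disposition, sign_forward)
    received = BytesParser(policy=policy.default).parsebytes(fwd.as_bytes())
    return describe(received)


if __name__ == "__main__":
    for disp in ("inline", "attachment"):
        for signed in (False, True):
            label = "signed forward" if signed else "unsigned forward"
            print(disp, label, describe_forward(disp, signed))
```

In every combination the only signature that covers person 1's text is the one inside the message/rfc822 part; the outer mail is signed only when person 2 signs it. A client that treats an inline message/rfc822 part as part of the outer body, as the comment says Apple Mail does, is therefore checking person 1's signature against person 2's message, which is the failure the reporter sees.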
I should also note that Outlook Express recipients of the forwarded message are also seeing the "verification failed" notice.

Could you please describe the Thunderbird workaround in more detail? In particular, how a user on Windows XP would implement it.

(In reply to comment #7)
> I should also note that Outlook Express recipients of the forwarded message are
> also seeing the "verification failed" notice.

After a protracted battle persuading OE to actually open attached emails at all, I'm not able to see that: whether with content-disposition: inline or attachment, it shows me only the outer email, with a valid signature, and when I open the attachment, shows only the original, with a valid signature.

> Could you please describe the Thunderbird workaround in more detail? In
> particular, how a user on Windows XP would implement it.

Tools - Options - Advanced - [Config Editor] - put part or all of the pref name in the Filter: textbox so it's visible below, double-click the pref in the list, change the value, click OK.

Sam, did you fix the issue with Phil's comment?

No, this didn't fix it.

I tried this using TB 3.

-Bill sent me a signed email from Apple Mail
-I opened it (fine) and forwarded it back to him
-He opened the forwarded email and it was signed by me.  He opened the enclosed .eml file and that was also correct.

Is this still an issue with the latest versions of TB and Apple Mail?

Component: Security → Security: S/MIME
Product: Thunderbird → MailNews Core
QA Contact: thunderbird → s.mime
Severity: normal → S3