Closed Bug 551248 Opened 14 years ago Closed 14 years ago

Encrypt messages using a certificate that does not include an email address

Categories

(Thunderbird :: Security, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 189046

People

(Reporter: kathleen.a.wilson, Unassigned)

Details

The request is to update Thunderbird to allow users to encrypt a message using a certificate that does not include an email address.

Summary of current behavior:
- It is possible to send and receive digitally signed messages in Tbird using certs without an email address;
- Tbird displays a clear message when a certificate that does not contain an email address is used to sign the message. Tbird complies with the general PKI principle (the cert info is dominating) and with the S/MIME standard;
- Tbird does not allow you to encrypt a message with a cert that does not contain an email address. It is possible to decrypt such a digitally signed and encrypted message sent from another email client.

For details, please see
https://bugzilla.mozilla.org/show_bug.cgi?id=431085#c5
Summary: Encrypt email using a cert without an email address → Encrypt messages using a certificate that does not include an email address
Doesn't that defeat S/MIME? Isn't there an RFC on the matter somewhere?
Section 3 from RFC 5750 (http://tools.ietf.org/html/rfc5750#section-3): "End-entity certificates MAY contain an Internet mail address…" … "Receiving agents MUST recognize and accept certificates that contain no email address." … "Receiving agents MUST check that the address in the From or Sender header of a mail message matches an Internet mail address, if present, in the signer's certificate, if mail addresses are present in the certificate."
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE