Closed
Bug 728607
Opened 12 years ago
Closed 12 years ago
Display the Sender header if From does not match the addres in the S/MIME certificate/signature
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 332639
People
(Reporter: reg2008, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Build ID: 20120216115113 Steps to reproduce: Received a message with valid S/MIME signature. The From header was filled with different e-mail addres than the addres in the certificate. But the value of Sender header matches with certificate. Actual results: Thunderbird shows the Signed icon (valid signature). It is OK. RFC 2632 says: Receiving agents MUST check that the address in the From OR Sender header of a mail message matches an Internet mail address in the signer's certificate Expected results: But Thunderbird should display (in this cases) the value of Sender header. Because without it, the user sees the icon "Signature OK" and some e-mail address (From header) which differs from the certificate holder.
Reporter | ||
Updated•12 years ago
|
Summary: Display the Sender header if From does not match addres in S/MIME certificate → Display the Sender header if From does not match the addres in the S/MIME certificate/signature
Reporter | ||
Comment 1•12 years ago
|
||
It is similar in Enigmail (PGP), but Enigmail adds special bar where user can see the real e-mail addres of the sender/signer. And it shows also name of the signer, key ID and date of signature – this additional information are not needed to be shown for S/MIME messages, but the sender address should be.
Updated•12 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•