Closed Bug 728607 Opened 12 years ago Closed 12 years ago

Display the Sender header if From does not match the addres in the S/MIME certificate/signature

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
10 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 332639

People

(Reporter: reg2008, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Build ID: 20120216115113

Steps to reproduce:

Received a message with valid S/MIME signature. The From header was filled with different e-mail addres than the addres in the certificate. But the value of Sender header matches with certificate.


Actual results:

Thunderbird shows the Signed icon (valid signature). 

It is OK. RFC 2632 says:

Receiving agents MUST check that the address in the From OR Sender header of a mail message matches an Internet mail address in the signer's certificate


Expected results:

But Thunderbird should display (in this cases) the value of Sender header. Because without it, the user sees the icon "Signature OK" and some e-mail address (From header) which differs from the certificate holder.
See Also: → 332639
Summary: Display the Sender header if From does not match addres in S/MIME certificate → Display the Sender header if From does not match the addres in the S/MIME certificate/signature
It is similar in Enigmail (PGP), but Enigmail adds special bar where user can see the real e-mail addres of the sender/signer. And it shows also name of the signer, key ID and date of signature – this additional information are not needed to be shown for S/MIME messages, but the sender address should be.
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.