Open Bug 74157 Opened 19 years ago Updated 4 months ago

S/MIME support in Mozilla Mail tracking bug

Categories

(MailNews Core :: Security: S/MIME, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

People

(Reporter: jmdesp, Unassigned)

References

(Depends on 13 open bugs)

Details

(Keywords: meta)

There's some discussion around about the need of S/MIME support in
Mozilla/Netscpae 6, but no specific bug opened for that.

I know everyone in Netscape has many things to do for Mozilla, but S/MIME is
really important.

It's hard for me to imagine version 1.0 would ship without S/MIME.

SSL/TLS was a requirement for the navigator from the start. 
Why is S/MIME so low in the order of priority comparatively ?

Well, at least this RFE will make clearly visible what level of importance
Netscape is giving to this.

Most of the bricks needed for S/MIME are there, NSS has all the component
required, the signing/encrypting UI is being created for the PGP plug-in.

BTW currently a signed mail where the signed content is included inside the
signature will generate the following display :
This is an ENCRYPTED message. Mozilla Mail does not support encrypted mail.

In that case, it's false, the message is signed, not encrypted, but the signed
content is not available separately from the signature.
Security:Crypto
Assignee: mstoltz → ddrinan
Status: UNCONFIRMED → NEW
Ever confirmed: true
Product: MailNews → Browser
cc people
Component: Security: General → Security: Crypto
If I understand the Mozilla schedule, S/MIME will not be done in time to ship
1.0.  We are, however, staffing up to take the existing S/MIME libraries in NSS
and reflect them in the mail client. Volunteers should contact lord@netscape.com.

Stay tuned to the mozilla.crypto newsgroup.  We'll post there as we make progress.
Component: Security: Crypto → Client Library
Product: Browser → PSM
Version: other → 2.0
Target Milestone: --- → Future
*** Bug 85249 has been marked as a duplicate of this bug. ***
*** Bug 89232 has been marked as a duplicate of this bug. ***
*** Bug 91586 has been marked as a duplicate of this bug. ***
Mass assigning QA to ckritzer.
QA Contact: junruh → ckritzer
Blocks: advocacybugs
Since Netscape 4.x had this feature Mozilla 1.0 shouldn't be released without 
S/MIME support. The people who need encrypted mail can't change to Mozilla 
without S/MIME.
*** Bug 103030 has been marked as a duplicate of this bug. ***
*** Bug 63288 has been marked as a duplicate of this bug. ***
QA > alam
QA Contact: ckritzer → alam
*** Bug 84213 has been marked as a duplicate of this bug. ***
Depends on: 95262
Depends on: 105526
We're starting the process to land the first cut at S/MIME support in the
Mozilla Mail client.  This first cut will have close to no UI, but it will allow
you to send and receive signed and encrypted email. The first draft of the UI
specs will follow shortly after.

You should expect to see some progress in the next 2-3 weeks if all goes as planned.
Let us know how we can test it
Priority: -- → P1
Target Milestone: Future → 2.2
*** Bug 108548 has been marked as a duplicate of this bug. ***
*** Bug 108556 has been marked as a duplicate of this bug. ***
S/MIME seems to be in now... just to let those people know who wanted to know :)
I just downloaded the latest 11/13 build and it is not there. And even worse,
the security manager is gone! I cannot manage my certificates now. 

Please explain how we are to access the S/MIME features?
I found out that MailNews now displays a message about verification of signed
S/MIME messages.
E.G.: I've recieved a signed message.
Here's a fragment of its Content type:

Content-Type: multipart/signed;
	micalg=SHA1;
	protocol="application/x-pkcs7-signature";

When I click to read it, i get a messagebox stating "This is a signed message
with a valid signature".

Are there any more goodies?
See bug 105526
Aha, all those new features are listed in attachment 54120 [details].

Is this support in the public trunk? I downloaded today's version for Linux, and
while there are options to sign and encrypt, they do nothing. They do not even
trigger the certificate selection process. 

The 111303 windows (2k) version (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:0.9.5+) Gecko/20011113) does not even have the security option in the mail
composition window. Am I missing something here?
you first select your cert under mail server options.  The sign/encrypt options
will then work.   -GA
The user interface is surely a lot worse than in Netscape.

I did all you said, and now the mail send fails, saying to check the mail server
settings.

Also, when I pop up the security options menu in the Linux compose window,
selecting any of the options does not seem to stick. There is no dot next to the
option when i click it and then come back to the menu.
"...and now the mail send fails, saying to check the mail server
settings."

reference:
http://bugzilla.mozilla.org/show_bug.cgi?id=108912
I tried today's linux build (SuSE 7.3 dual processor pentium pro) again. When I
turned off the sign mail box, it was able to send mail.

When I turned it back on and tried again, Mozilla crashed. Twice.

The feedback agent sent 2 reports ....
The final design is still being worked out. this is a daily build release that
will help us work out the bugs in the underlying crypto libraries. For the UI, see:
http://www.mozilla.org/mailnews/specs/security/
and
http://www.mozilla.org/mailnews/specs/security/Options.html
Please see also netscape.public.mozilla.crypto
I'm working in build 2001112806 on MacOS X (10.1.1) and if I have the option
selected to sign a message when it is being sent, I get an error saying "Sending
of message Failed. Please verify that your Mail & Newsgroups settings are
correct and try again." 

If I disable the option to sign, mail sends just fine.  I'll be glad to do more
testing if anyone wants me to try something. 
OK, I kinda need to rescind that last report.  The problem appears to be that
you get that error if you are trying to use a certificate that is not trusted
(in my case, the root CA was not installed).  

But never the less, the error is still a bad one.  I guess one needs to get an
error saying that there is a problem with the certificate that you are trying to
use to sign email.
Now that S/MIME Support was checked in and enabled, shouldn't this bug be closed?
If it is enabled, it surely does not work for me yet on yesterday's build.

There are at least "user interface" issues since it works like a charm for me on
Netscape 4.7x, but I cannot get a signed or encrypted message sent.

Perhaps a short tutorial posted here might solve this. I usually get an error
about a misconfiguration of the mail server.
A big problem with the S/MIME interface is that it does not allow you to select
the recipient's certificate. I for example have one certificate, but about 6
e-mail addresses. If a person wants to send me e-mail at other than the address
in the certificate, he is out of luck.

The option/security menu does not allow an encrypt and/or sign just this
message. In general, I do not want to encrypt or sign everything!

A poster here said S/MIME will not work unless all the CAs are "trusted." Well,
if the send fails because of this, a pop-up needs to be generated saying which
CA is the problem and also allowing the user to decide whether to trust it just
this once, or forever, and for what purposes.
My mail still fails to send if I check encryption or signature. And A lot of the
times, the buttons for these do not stick. I set them, and for the same message,
return to the security settings option, and they are unset again.

So if the encrypt option is set, the mail will not send, or else, it cannot be set.
I'm seeing this too now (send failed if signing checked). 
regarding comment #33.
You can certainly set your cert in the account manager, then decide not to check
the sign messages.
Once you've done that you can use the option menu to set the signing and
encryption for each messages.
This works with build 2002010903

Currently the s/mime implementation is only here to catch s/mime libraries
issues.  The specs for the ui can be viewed at
http://rocknroll/users/jglick/publish/Security/Security.html

Trust issues are central to the PKI model. We will provide better feedback when
reading an email whose signature fails to validate.

We will provide feedback on why a email cannot be signed/encrypted.

If you're currently unable to send a signed email you may be hitting a variety
of bugs, or your mail account may not be configured correctly.

If you want to help, you may want to try and isolate the issue by setting up a
new profile, by trying different scenarios. Things that may affect your ability
to find your own signing cert (many of them bugs that need to be fixed) are:
Not yet logged in to the software security device (the client should prompt you).

The setting of prefs->sec->certificates->ask every time/choose automatically.

Certificate database corruption issues (testing on a new profile help isolate
these).

Certificate issues (expiration date, trust, broken CA chain, untrusted CA, etc...)

Use of Hardware devices.

Random Mozilla regression in the XUL which cause the prefs settings or the
options/security menu of the compose window to be broken (javascript console may
help isolate these.)

Regarding email addresses and certificates.  When you sign an email send from
one account, the various rfc strongly recommend that the certificate used to
sign the email contain the email address of the sender in the altSubjectName
field, or the E= attribute of the cert subject name.  Without this, it's very
easy to take a non signed email send by a@foo.com, modify it (buy 1,000,000 of
this rather than 1,000) sign it with a different cert (the signature will be
"valid") and let it go to the recipient who would be given a feedback that the
email is "signed".

Note that certificates can have multiple addresses in the altSubjectName
(although mozilla may not work well yet in that case - but it's in the plan).

Thawte certificates for example allow you to add email addresses to them
(actually you a new cert based on the same key material is issued).

The other way to handle multiple email addresses is to have different Mail/News
accounts with different certificates. This is definitely supported today. There
maybe many reasons to want to have different certificates. One may be issued by
your employer, one may be for personal use.  You wouldn't want to use one for
the other, as employer often escrow the encryption keys.  Other reasons may
include how the certificate was issued (certain "classes" of certificate require
you to have a face-to-face encrollment procedure to verify your identity. The
cert would carry much more weight.)
http://rocknroll/users/jglick/publish/Security/Security.html
does not work for me.....

I have no problems using certificates with Netscape 4.x...

For commercial purposes, I agreee about that e-mail address matching the
certificate address is a good idea. But if I want to send private mail to
friends, they will know it is me, even if my account and e-mail do not match.
Managing user certificates gets to be a nightmare, and certificates cost money,
so having many is hard to justify. If I encrypt a message with a certificate
that does not agree with my e-mail address, my receiver, if they already have
and trust my certificate, knows that it was encrypted with my private key, so if
the certificate has not been revoked, it really did come from me. The situation
gets more complex when I have multiple e-mail aliases that all go to the same
place. I am jar@ornl.gov, romeja@ornl.gov, romeja@y12.doe.gov. They all get sent
to the same place, and I cannot always control which one is used.

In any event, this choice should be up to the user.
Another option to check is your OCSP setting.  See Bug 119540
The inteface spec helped a bit. I sent myself a signed message (to my pop account),
and the expanded subject said signed, but there was no visible signature icon,
nor any way to see the signature. I was able to view the message source and see
the signature in a non-readable format.
I have been able to :
- read and verify succesfully signed emails
- read and fail verify (CA not trusted) of signed emails
- send encrypted email

AFAIC, the initial RFE is done. 
I can sign, I can encrypt.

Now the UI still need work.
I can't have a description of why the check failed or see the certificate of the 
sender (comment #37, this was in 4.x), and some people want more sophisticated 
treatement of the relation email-certificate as can be seen in some comment 
(comment #33, comment #37 , this wasn't in 4.X).

AFAIC, I feel this requests could be in seperated bug, and this bug 
closed-verified.

For people who are used to N 4.X, finding where to set the certificate options 
for mail is really difficult and non intuitive, even if the sheer fact of 
linking then to mail account is a very good idea.
Finding how it can be enhanced could be a usability bug, too.
I think you need to give us folks some clues about how to do all of this. I sent
myself a signed message. There is NOTHING on the window to indicate this. If I
expand the subject pane, it says <signed>, but I find no way of viewing the
signature.

I tried to send an encrypted piece of mail to myself. It complained that it
couldn't find my certificate. I went to the LDAP and downloaded it, so it should
have been in the list of "others" certificates. But it is not there. When I view
my personal certificates, the e-mail address is not listed.

Another issue is that we have e-mail aliases. I am jar@ornl.gov and
romeja@ornl.gov. They both go to the same place. I need a way of seeing which
address my certificate is for.

What am I missing?
For the UI please look at the specs as described in comment #27 (only the first
link is relevant.)

You're using an alpha product as far as s/mime is concerned.  You should not
rely on it.
I saw none of the widgets described in the spec in my signed message.
exactly. the specs is what you'll have when we're done.
Adding some S/MIME bugs to dependencies.
Target Milestone: 2.2 → ---
more dependencies
Depends on: 37020, 115010
Please consider adding a dependency on bug #117992, filed on a problem in
retrieving new certificates from Thawte. 
Thawte Freemail is currently the only to get a free and widely-recognized
personal certificate, so this is quite critical for many potential users of S/MIME.
adding bug 117992 to dependencies.
Depends on: 117992
A nice guide was noted by Stephane Saux a month ago in
news://news.mozilla.org:119/3C4F6A59.8080600@netscape.com
which should help people figure out how to get started testing:

 Sean Cotter put together the following document on using the preliminary      
s/mime functionality now present in daily mozilla builds.  The UI is not fully 
implemented.

 It includes information on getting a test certificate so that one can get
going.  Note that these certificates have a 7 day validity period, so one has to
go and obtain new certs fairly regularly.

 http://www.mozilla.org/projects/security/pki/psm/smime_guide.html
Another free source of S/MIME certificates is Jeff Schiller's fancifully named
"Black Helicopter Organization".  Before you ask how much you should trust
these certs, ask yourself how much liability the commercial cert providers
are willing to accept for their certs....

  http://www.black-helicopter.org/bh/

These are not dual-key certs, so they allow testing different aspects of Mozilla
than the Netscape Test Certificate Authority certs at

  https://testca.netscape.com/

Jeff's also are valid for a lot longer - one year.
Depends on: 128869
Keywords: nsbeta1+
Target Milestone: --- → 2.2
Depends on: 129100
QA > carosendahl@netscape.com 
Component: Client Library → S/MIME
QA Contact: alam → carosendahl
Depends on: 136814
Depends on: 50823
Depends on: 135636
Depends on: 137071
Depends on: 139561
Depends on: 119394
Target Milestone: 2.2 → Future
removing nsbeta1+ as this is a tracking bug
Keywords: nsbeta1+
Summary: [RFE] S/MIME support in Mozilla Mail → [RFE] S/MIME support in Mozilla Mail tracking bug
Depends on: 121906, 144435
Depends on: 161275
Keywords: meta
Summary: [RFE] S/MIME support in Mozilla Mail tracking bug → S/MIME support in Mozilla Mail tracking bug
Blocks: majorbugs
There seems to be an inability to handle S/MIME e-mail from Outlook Express.

The mail looks like:

<usual mail header>

This is a multi-part message in MIME format.

------=_NextPart_000_000E_01C30B52.0C15E090
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<mail message textual content>

------=_NextPart_000_000E_01C30B52.0C15E090
Content-Type: application/x-pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPpzCCA60w
ggMWoAMCAQICBDyGbZ8wDQYJKoZIhvcNAQEFBQAwbjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEdMBsGA1UECxMURGVwYXJ0bWVudCBvZiBFbmVyZ3kxJjAkBgNVBAsTHU9h
ayBSaWRnZSBOYXRpb25hbCBMYWJvcmF0b3J5MB4XDTAyMDMwNjE4NTcyOFoXDTIyMDMwNjE5Mjcy
OFowbjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEdMBsGA1UECxMURGVw
.....
k7OtvjyeMAeHi47gAPr54tT2qxa8eAks7qd60xLFpv9+wqXIqiUjYoh3x8QIhM78MLTkPUd9NQUA
AAAAAAA=

------=_NextPart_000_000E_01C30B52.0C15E090--

1) The signature icon in the bottom border is not there
2) Inside the attachment window, is an icon that says it is signed, but you
can't tell unless you open the attachment panel.
3) There seems no way to import the .p7s file into my Mozilla so I can use his
public key.

I even tried clipping the signature file, putting it into a .p7 file, but that
did not work either.

I am using build 2003041704 on win2k.

Why isn't this working?
James, this kind of question should be reserved for the support newsgroups
(news://news.mozilla.org/netscape.public.mozilla.crypto or
news://news.mozilla.org/netscape.public.mozilla.mail-news), not added to a bug
report like this one.

If indeed there's a problem in Mozilla, it should be added as a new bug only
once there's a better description of it.
I received hundreds of signed/encrypted mails from Outlook users, they usually work.

The "usual mail header" part is the one that sounds the most suspicious. 
If you want someone to answer you on the newsgroups, send *all* the headers and
all the content of the mail (anonymize mail adresses first).
Depends on: 209166, 209168
Depends on: 209182
Depends on: 200862
Mass reassign ddrinan's PSM bugs (with his permission) to nobody
Assignee: ddrinan0264 → nobody
QA Contact: carosendahl → nobody
Target Milestone: Future → ---
Product: PSM → Core
No longer blocks: majorbugs
QA Contact: nobody → s.mime
Version: psm2.0 → 1.0 Branch
Version: 1.0 Branch → Trunk
Product: Core → MailNews Core
Priority: P1 → --
You need to log in before you can comment on or make changes to this bug.