Open Bug 844152 Opened 11 years ago Updated 2 years ago

Signature verification - expired certificate - wrong reason

Categories

(Thunderbird :: Security, defect)

17 Branch
x86_64
Linux
defect

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: kapetr, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Build ID: 20130218103317

Steps to reproduce:

If the signing certificate is expired, verification of the signature fails - that is OK.

But TB reports the wrong reason:
"Signature not valid.
The signing certificate is issued by CA, which you do not trust for this type of certificate."

That's not true. And no word about expiration.

When I change the system time back and run TB again, verification is successful.
Remark: the CA certificate is OK and valid until 2020.



Expected results:

See a similar, but not exactly the same, report:
https://bugzilla.mozilla.org/show_bug.cgi?id=336599

See Ubuntu bug too:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1126070

This bug is still present in my Thunderbird. Version 23.0 on Linux (Ubuntu).

Note: I would expect the following behavior of Thunderbird:
It should accept an expired certificate for signing an email without any error messages, if the date of the email itself falls within the validity time slot of the certificate. Why should a signature, which was valid at the time of signing, become invalid later on?

(In reply to cytoduvimazibyxi@tempomail.fr from comment #1)
> It should accept an expired certificate for signing an email without any
> error messages, if the date of the email itself falls within the validity
> time slot of the certificate. Why should a signature, which was valid at the
> time of signing, become invalid later on?

It is not fully correct. After a certificate is expired == it is invalid. Anything signed with such a cert is not possible to verify.
To avoid expiration of signatures - Time Stamping must be used.
Severity: normal → S3
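
The distinction this report asks for, shown outside Thunderbird as an added example (not part of the bug report, and using the OpenSSL command line rather than Thunderbird's own certificate library): the same leaf certificate verifies today, fails as expired once the evaluation time passes its validity window, and fails for a different reason when only an unrelated CA is trusted. It assumes `openssl` is on the PATH; the CA names, the subject and the helper names `make_chain` and `verify_reason` are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo data: throwaway CAs and a leaf certificate valid for one day.
# "Demo CA", "Other CA" and signer@example.test are made-up names.

# make_chain DIR CA_NAME: create DIR/ca.pem and a 1-day DIR/leaf.pem issued by it.
make_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=signer@example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# verify_reason CAFILE CERT UNIX_TIME: verify CERT as of UNIX_TIME and print
# one word naming the outcome, taken from OpenSSL's own error text.
verify_reason() {
    out=$(openssl verify -attime "$3" -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *"certificate has expired"*)      echo expired ;;
        *"certificate is not yet valid"*) echo not-yet-valid ;;
        *"unable to get"*"issuer"*)       echo untrusted-issuer ;;
        *": OK"*)                         echo ok ;;
        *)                                echo other ;;
    esac
}

# Run the three cases: inside the window, past it, and with the wrong trust anchor.
demo() {
    a=$(mktemp -d) && b=$(mktemp -d) || return 1
    make_chain "$a" "Demo CA" && make_chain "$b" "Other CA" || return 1
    now=$(date +%s)
    later=$((now + 172800))   # two days on, past the leaf's 1-day validity
    echo "today, issuing CA trusted:        $(verify_reason "$a/ca.pem" "$a/leaf.pem" "$now")"
    echo "two days on, issuing CA trusted:  $(verify_reason "$a/ca.pem" "$a/leaf.pem" "$later")"
    echo "today, only unrelated CA trusted: $(verify_reason "$b/ca.pem" "$a/leaf.pem" "$now")"
    rm -rf "$a" "$b"
}
demo
```

Moving the evaluation time with `-attime` plays the role of the system clock change described in the report.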