[Bug 144606] New: Check From and Sender headers for S/MIME signed e-mails (S/MIME V3)
devconsole at gmail.com
devconsole at gmail.com
Tue Apr 24 14:01:56 BST 2007
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=144606
Summary: Check From and Sender headers for S/MIME signed e-mails
(S/MIME V3)
Product: kmail
Version: unspecified
Platform: Debian testing
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
AssignedTo: kdepim-bugs kde org
ReportedBy: devconsole gmail com
Version: (using KDE KDE 3.5.5)
Installed from: Debian testing/unstable Packages
OS: Linux
S/MIME Version 3 (RFC 2632) states that "Receiving agents MUST check that the address in the From or Sender header of a mail message matches an Internet mail address in the signer's certificate, if mail addresses are present in the certificate." (Section 3. Using Distinguished Names for Internet Mail)
KMail 1.9.5 seems to check only the From header and ignores the Sender header. It issues a warning which says the "Sender's mail address is not stored in the certificate used for signing" even if the Sender header corresponds to the address stored in the certificate.
More information about the Kdepim-bugs
mailing list