[Users] [Bug 3755] New: verification of signatures successful despite non-matching sender addres
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Mon Jan 9 17:20:42 CET 2017
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3755
Bug ID: 3755
Summary: verification of signatures successful despite
non-matching sender addres
Classification: Unclassified
Product: Claws Mail
Version: 3.14.1
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P3
Component: Plugins/Privacy
Assignee: users at lists.claws-mail.org
Reporter: claws-mail-bugzilla at deaktualisierung.org
Created attachment 1707
-->
http://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1707&action=edit
gpg signed mail from wrong sender verifying correctly without warning
claws-mail does correctly verify the signature status for emails, so it shows
"Good Signature from <signature key primary address>".
it does not, however, verify the actual from/sender address is one of the
addresses in the signature key.
i have attached two email messages (one GPG, one S/MIME) that verify as
correctly signed messages, but each have a From: address that is not one of the
addresses in the smime certificate/gpg key.
expected behaviour: the signature status should include a warning that the from
address is none of the addresses in the signature key.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list