[Users] [Bug 3755] verification of signatures successful despite non-matching sender addres

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Wed Jan 11 10:46:42 CET 2017


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3755

--- Comment #3 from johannes schilling <claws-mail-bugzilla at deaktualisierung.org> ---
you're right, keys/certs don't necessarily have addresses associated with
them, but many certificate authorities only sign S/MIME certs that have mail
addresses included and validate the email addresses.

so what i'm trying to say is: i know that it's not given that each certificate
has email addresses attached, but it's a use case many organisations i've been
to have and they require that i can't send an email in your name, signed as me
and have it get a green verification badge.

or, put another way: the way you see it, it's the S/MIME certificate alone that
verifies someone's identity, and possible mismatches between mail addresses
(that i as a user see, but that are irrelevant to the protocol?) are to be
ignored; is that right?

-- 
You are receiving this mail because:
You are the assignee for the bug.
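
The check discussed in this comment, sketched as an added example (not Claws Mail code and not part of the original message): after the signature itself has verified, compare the header addresses with the mail addresses in the signer's certificate, in the spirit of the receiving-agent rule in RFC 5750 section 3. The function names, the result labels and the sample addresses are assumptions, and the certificate addresses are assumed to have been extracted already from the verified signer certificate.

```python
from email import message_from_string
from email.utils import getaddresses

def _norm(addr):
    # Assumption of this example: compare case-insensitively.
    return addr.strip().lower()

def _addrs(msg, header):
    # Only the addr-spec counts; the display name is attacker-controlled text.
    return [_norm(a) for _, a in getaddresses(msg.get_all(header, [])) if a]

def sender_binding(raw_message, cert_emails):
    """Classify how the message headers relate to the signer certificate.

    'no-address-in-cert': the certificate binds no mail address at all
    'match'             : every From address is in the certificate
    'sender-only'       : only Sender matches (signed by X on behalf of From)
    'mismatch'          : neither From nor Sender is covered
    """
    cert = {_norm(a) for a in cert_emails if "@" in a}
    if not cert:
        return "no-address-in-cert"
    msg = message_from_string(raw_message)
    from_addrs = _addrs(msg, "From")
    # Guard against all([]) being True when From is missing or unparsable.
    if from_addrs and all(a in cert for a in from_addrs):
        return "match"
    if any(a in cert for a in _addrs(msg, "Sender")):
        return "sender-only"
    return "mismatch"

# Constructed sample messages (not taken from the bug report).
CERT = ["alice@example.org"]
SAMPLES = {
    "plain": "From: Alice <Alice@Example.org>\n\nhi\n",
    "display_name_spoof":
        'From: "alice@example.org" <mallory@example.net>\n\nhi\n',
    "on_behalf": "From: bob@example.org\nSender: alice@example.org\n\nhi\n",
    "no_from": "Subject: x\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {sender_binding(raw, CERT)}")
```

Only `match` would justify an unqualified "good signature" indicator next to the displayed From address; the other three results are the cases the comment argues should be shown differently.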


