[Users] [Bug 4027] New: SMIME: please implement RFC6476

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu May 17 22:12:51 CEST 2018


            Bug ID: 4027
           Summary: SMIME: please implement RFC6476
    Classification: Unclassified
           Product: Claws Mail
           Version: GIT
          Hardware: PC
               URL: https://datatracker.ietf.org/doc/rfc6476/
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: Plugins/Privacy/SMIME
          Assignee: users at lists.claws-mail.org
          Reporter: kardan at riseup.net

This document specifies the conventions for using Message
   Authentication Code (MAC) encryption with the Cryptographic Message
   Syntax (CMS) authenticated-enveloped-data content type.  This mirrors
   the use of a MAC combined with an encryption algorithm that's already
   employed in IPsec, Secure Socket Layer / Transport Layer Security
   (SSL/TLS) and Secure SHell (SSH), which is widely supported in
   existing crypto libraries and hardware and has been extensively
   analysed by the crypto community. 


I don't know if this is already implemented. It was suggested as a solution for
security issue with s/mime lately:

"The problem with S/MIME implementations missing integrity protection
is serious and we hope that vendors will quickly agree on implementing
RFC6476 or something similar. This seems to be the most interesting
finding, as it cannot be resolved quickly and it reminds everybody
to be careful with contents that can become active as a backchannel
or exploit code."


Thanks for your great work!

You are receiving this mail because:
You are the assignee for the bug.

More information about the Users mailing list