[Users] [Bug 4152] New: Add support for triple-wrapped S/MIME (RFC 2634, part of RFC 5751 for S/MIME 3.2)
noreply at thewildbeast.co.uk
Wed Jan 30 15:38:25 CET 2019
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4152
Bug ID: 4152
Summary: Add support for triple-wrapped S/MIME (RFC 2634, part
of RFC 5751 for S/MIME 3.2)
Classification: Unclassified
Product: Claws Mail
Version: other
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: Plugins/Privacy/SMIME
Assignee: users at lists.claws-mail.org
Reporter: thomas.orgis at uni-hamburg.de

MS Outlook creates triple-wrapped mails when encrypting using S/MIME, which
apparently leads to some parsing issues with current Claws Mail (content
visible, but headers missing in message view and also compose view of a
reply).

These messages seem to work fine in other clients (namely, Apple Mail on
OS X or iOS). Thunderbird has had an aging patch pending for 12 years
(https://bugzilla.mozilla.org/show_bug.cgi?id=380624). The UI issues
indeed need some thought: How are inner and outer signatures displayed
to the user? What to do if one of them does not check?

The wrapping of S/MIME-encrypted content within another S/MIME blob for
adding an outer signature is called triple-wrapping and was described
back in 1999 in RFC 2634 (https://tools.ietf.org/html/rfc2634), which is
referred to in the S/MIME standard (version 3.2 / RFC 5751,
https://tools.ietf.org/html/rfc5751). A conforming S/MIME MUA should at
least be able to correctly handle incoming triple-wrapped mails.

PS: Thinking about security implications, I realized that this does not
really prevent ciphertext tampering attacks; S/MIME needs something along
the lines of PGP's MDC. Triple-wrapping can help, though, in case the UI
offers the choice to only automatically decrypt messages that were
correctly wrapped and signed by someone in a whitelist.
--
You are receiving this mail because:
You are the assignee for the bug.
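
The layering described in the report (signed, then enveloped, then signed again), sketched as an added example that is not part of the bug report or of Claws Mail's code: it reads only MIME headers to list the S/MIME layers visible before decryption. The function names and the sample message are constructed for illustration, and no signature is verified or ciphertext decrypted.

```python
from email import message_from_string

SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample: placeholder bodies, not real CMS data.
SAMPLE = """\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="outer"

--outer
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--outer
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--outer--
"""

def visible_layers(msg):
    """S/MIME layers readable from MIME headers alone, outermost first."""
    layers, part = [], msg
    while part is not None:
        ctype, nxt = part.get_content_type(), None
        if ctype == "multipart/signed" and str(part.get_param("protocol")).lower() in SIG:
            layers.append("signed")
            kids = part.get_payload()
            nxt = kids[0] if isinstance(kids, list) and kids else None  # signed content
        elif ctype in P7M:
            # Opaque CMS blob: anything inside needs CMS parsing or decryption.
            layers.append(str(part.get_param("smime-type", "unknown")).lower())
        part = nxt
    return layers

def triple_wrap_verdict(msg):
    """'candidate', 'undetermined' (opaque outer signature) or 'no'."""
    layers = visible_layers(msg)
    if layers[:2] == ["signed", "enveloped-data"]:
        return "candidate"  # inner signature can only be checked after decryption
    if layers[:1] == ["signed-data"]:
        return "undetermined"  # outer signed-data hides its content type
    return "no"
```

A client that stops at the first layer it recognises would show the decrypted body without ever treating the innermost part as the real message, so the verdict is only a hint that a further unwrap and a second signature check are due after decryption.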