Bug 144606

Summary:	Check From and Sender headers for S/MIME signed e-mails (S/MIME V3)
Product:	[Applications] kmail	Reporter:	devconsole
Component:	encryption	Assignee:	kdepim bugs <kdepim-bugs>
Status:	RESOLVED UNMAINTAINED
Severity:	normal
Priority:	NOR
Version:	unspecified
Target Milestone:	---
Platform:	Debian testing
OS:	Linux
Latest Commit:		Version Fixed In:

Description devconsole 2007-04-24 15:01:55 UTC

Version:            (using KDE KDE 3.5.5)
Installed from:    Debian testing/unstable Packages
OS:                Linux

S/MIME Version 3 (RFC 2632) states that "Receiving agents MUST check that the address in the From or Sender header of a mail message matches an Internet mail address in the signer's certificate, if mail addresses are present in the certificate." (Section 3. Using Distinguished Names for Internet Mail)

KMail 1.9.5 seems to check only the From header and ignores the Sender header. It issues a warning which says the "Sender's mail address is not stored in the certificate used for signing" even if the Sender header corresponds to the address stored in the certificate.

Comment 1 Laurent Montel 2015-04-12 10:08:53 UTC

Thank you for taking the time to file a bug report.

KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2.

We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.