Version: (using KDE KDE 3.5.5)
Installed from: Debian testing/unstable Packages
OS: Linux

S/MIME Version 3 (RFC 2632) states that "Receiving agents MUST check that the address in the From or Sender header of a mail message matches an Internet mail address in the signer's certificate, if mail addresses are present in the certificate." (Section 3. Using Distinguished Names for Internet Mail)

KMail 1.9.5 seems to check only the From header and ignores the Sender header. It issues a warning which says the "Sender's mail address is not stored in the certificate used for signing" even if the Sender header corresponds to the address stored in the certificate.
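
The difference between the two checks, as an added example that is not part of the original report and is not KMail code. The function names, the sample message and the case-insensitive comparison are assumptions, and the certificate's mail addresses are passed in as a plain list instead of being parsed from a certificate.

```python
from email import message_from_string
from email.utils import getaddresses


def norm(addr):
    # Assumption: addresses are compared case-insensitively.
    return addr.strip().lower()


def parse(text):
    """Parse raw RFC 822 text into a message object."""
    return message_from_string(text)


def header_addresses(msg, name):
    """All mail addresses found in every occurrence of header `name`."""
    return {norm(a) for _, a in getaddresses(msg.get_all(name, [])) if a}


def check_from_only(msg, cert_addrs):
    """Behaviour described in the report: only From is compared."""
    cert = {norm(a) for a in cert_addrs}
    if not cert:          # no addresses in the certificate: check does not apply
        return True
    return bool(header_addresses(msg, "From") & cert)


def check_from_or_sender(msg, cert_addrs):
    """Check as quoted from RFC 2632: a match in From OR Sender is enough."""
    cert = {norm(a) for a in cert_addrs}
    if not cert:          # "if mail addresses are present in the certificate"
        return True
    seen = header_addresses(msg, "From") | header_addresses(msg, "Sender")
    return bool(seen & cert)


# Constructed sample: the signer appears in Sender, not in From.
SAMPLE = """\
From: Project List <list@example.org>
Sender: Alice Example <Alice@Example.org>
Subject: signed message

body
"""

if __name__ == "__main__":
    m = parse(SAMPLE)
    cert = ["alice@example.org"]  # constructed certificate address
    print("From only:     ", check_from_only(m, cert))
    print("From or Sender:", check_from_or_sender(m, cert))
```
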
Thank you for taking the time to file a bug report. KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2. We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.