[Kolab-devel] [issue3383] Signed only opaque S/MIME emails are labled "encrypted" (when they are not)

Bernhard Reiter kolab-issues at intevation.de
Thu Feb 5 09:50:33 CET 2009


New submission from Bernhard Reiter <bernhard at intevation.de>:

If an S/MIME email is 

i) signed only, 
ii) and send opaque 
iii) and missing the Content-Type attribute "smime-type=signed-data"

3.5.10.enterprise.0.20090121.914162-kk1 on Etch
will not directly display the message claiming that
it is "encrypted".

This is a problem as it might let people to believe that this email
was indeed encrypted when it was not.
I am attaching an example email.

You can create one by sending yourself an email, selecting S/MIME opaque
and then deleting the Content-Type attribute "smime-type=signed-data"
from the email.

It seems some real-world applications still send out such emails,
so this is not an academic issue.

As we probably cannot probe if this encrypted or now, unless we actually
try the decryption .. I believe we should rephrase the blue box
in being less precise about "encryption".

----------
assignedto: allen
messages: 18415
nosy: allen, bernhard, marc, till
priority: bug
status: unread
title: Signed only opaque S/MIME emails are labled "encrypted" (when they are not)
topic: enterprise35, enterprise4, kde client
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue3383>
___________________________________________________




More information about the devel mailing list