[smime] Enveloping for the sender.
2009-09-29 10:04:23
So every S/MIME MUA I'm aware of includes the sender in the enveloped
message's RecipientInfos. This makes sense because people generally
expect to read the email they send themselves.
However, yesterday I had a case where a sender had two certs issued with the same email address subjectAlternativeName under two different PKIs (don't go there). On the system in question he had only one of these key pairs installed; the other was present but only as the cert (no private key). The MUA, for whatever reason, used the incomplete identity in the envelope RecipientInfos and the user was unable to read his sent mail.
I'm thinking that an MUA, when enveloping an outgoing message for the sender, should check to make sure the sender has the private key and warn the user if it's not present.
While this can be addressed as a bug in the MUA (and I'll be reporting it), I scanned through 3850, 3851, and 5652 and I find no mention of this enveloping for sender behavior anywhere. I was wondering if anyone felt enveloping for sender is common enough to place some minimal requirements on it, maybe in 3851 (I'm not sure it belongs in 5652).
-- Tim
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ smime mailing list smime(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/smime
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [smime] CommitmentRules Question, David Reis Jr |
|---|---|
| Next by Date: | Re: [smime] Enveloping for the sender., Timothy J. Miller |
| Previous by Thread: | [smime] CommitmentRules Question, David Reis Jr |
| Next by Thread: | Re: [smime] Enveloping for the sender., Timothy J. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |