[Mailman-Users] Preserving S/MIME-Encoded Mail
gtaylor at riverviewtech.net
Tue Jan 20 06:12:12 CET 2009
On 1/19/2009 10:19 PM, Taylor, Grant wrote:
> I will play with forwarding an S/MIME signed / encrypted message and
> let you know what my MUAs (of choice) do with the message/rfc822 MIME
> body part.
I just sent my self an S/MIME signed message and then forwarded it as an
attachment (message/rfc822). When I read the forwarded message in
line (preview pane or opening the forwarding message) I can read the
forwarded message, but it has no indication that the forwarded message
is signed. I have to actually open the forwarded attached signed
message in it's own window to have any indication if the signature is
valid or not. Encrypted (as opposed to signed) messages behaved the
same way. The same holds true for a forward of the forward of the
original signed / encrypted message.
This means that it is possible to enclose a multipart/signed message as
a message/rfc822 MIME part and have it successfully display. The only
problem is that the attachments them selves would have to be opened (as
opposed to viewing them inline) to have any indication if the signature
is valid. Thus I think that Mailman (or any thing else doing similar
types of operations) should attach the original signed message as a
message/rfc822 MIME part *AND* sign it's own message including a textual
note that the original message had a valid signature. This way, by the
fact that the message that is received is signed (thus more or less
trusted) and stating that the original message had a valid signature.
Further if recipients want to verify this, they can open the attached
message/rfc822 MIME part and verify for them selves.
At least this is how Thunderbird and Outlook Express behaves.
Grant. . . .
More information about the Mailman-Users