Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: petrahu
petrahu Author
User level: Level 1
4 points

SMIME mails and trust

Hello,


AppleMail doesn't trust the signer, if the email address in the from header and in the certificate field "RFC 822 Name" are different, the case of letters must be identical. This is okay and known.

The from-header of an email includes a string like "Firstname Lastname" and the email address. If this string matches the the "common name" in the certificate AppleMail doesn't trust the signer! If this string and the common name are different, AppleMail trusts!!!

This isn't correct!


Regards.

Petra Humann

Posted on Jul 23, 2012 1:19 AM

Reply
1 reply
User profile for user: petrahu
petrahu Author
User level: Level 1
4 points

Jul 24, 2012 2:10 AM in response to petrahu

RFC2632 http://www.ietf.org/rfc/rfc2632.txt says:


Receiving agents MUST check that the address in the From

or Sender header of a mail message matches an Internet mail address

in the signer's certificate, if mail addresses are present in the

certificate.

End-entity certificates MAY contain an Internet mail address as

described in [RFC-822]. The address must be an "addr-spec" as defined

in Section 6.1 of that specification.


RFC-822 says nothing about case sensibility in the address.


AppleMail does not check the Sender header! For example the mail address in the

From header is test@example.com, the Sender header is test@aa.example.com,

the mail is signed from test@aa.example.com, AppleMail doesn't trust the signer!

Reply

SMIME mails and trust

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up