Kai Engert wrote:
> Another short note: The problem with solely distributing the S/MIME
> certs is that a MUA does not have the S/MIME capabilities of the cert
> owner's MUA. So the sender MUA might choose a weak symmetric cipher.
> ...
> So the safest way is still to send a signed e-mail for cert exchange.
:-/
This seems to be solved with my implementation, because my keyserver can
forward the original signed message.
But it's not really a great solution.
I'm thinking the following could solve the problem if done by the
receiving software (thunderbird/seamonkey):
- allow the mime-type application/x-x509-email-cert to be in pkcs#7/cms
format (this actually is already allowed)
- check if the pkcs#7 received in this way actually contains a
cryptographically valid signature (without testing the cert chain, just
testing that the signature value has been produced by the signature
certificate)
- if the signature is cryptographically correct, then, in addition to
the signer's certificate, import if present the content of the
sMIMECapabilities attribute of the pkcs#7
- in the verification of the pkcs#7, do not do the verification of the
actual content of the signature (so if it is a detached pkcs#7, don't
return an error because you don't have access to the actual data of the
signature, and if it's an opaque pkcs#7, don't verify it either, which
allows removing it and making the pkcs#7 smaller)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
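The steps proposed above (take a PKCS#7/CMS SignedData carried as application/x-x509-email-cert, check only that the signer's signature is cryptographically valid, then import the sMIMECapabilities from its signed attributes so the sending MUA does not fall back to a weak content cipher) can be shown end to end with a small worked example. The code below is an added example; it is not from this thread and not Thunderbird's or SeaMonkey's code. It walks a CMS SignedData with a minimal DER decoder, extracts the sMIMECapabilities OIDs from the first SignerInfo's signedAttrs, returns the exact bytes the signature covers (the signedAttrs re-tagged as a SET, as CMS specifies), and then picks the strongest advertised cipher. The CMS blob, the placeholder certificate and signature bytes, and the cipher strength ranking are all constructed here; the actual signature verification against the signer certificate's public key is assumed to be done by the caller's CMS library and is not performed in this file.

```python
# Added example (not from this thread, Thunderbird or SeaMonkey): decode a
# CMS SignedData, pull the signer's sMIMECapabilities from signedAttrs, and
# choose the strongest advertised content cipher. The blob is constructed
# here with a PLACEHOLDER certificate and signature; the signature check
# itself is left to the caller's CMS library and is NOT performed here.
ID_SIGNED_DATA = "1.2.840.113549.1.7.2"
ID_DATA = "1.2.840.113549.1.7.1"
ID_SMIME_CAPS = "1.2.840.113549.1.9.15"
CIPHERS = {  # content-encryption OID -> (name, rough strength in bits)
    "2.16.840.1.101.3.4.1.42": ("AES-256-CBC", 256),
    "2.16.840.1.101.3.4.1.2": ("AES-128-CBC", 128),
    "1.2.840.113549.3.7": ("3DES-EDE-CBC", 112),
}

def tlv(tag, body):
    """Minimal DER encoder (only used to build the constructed sample)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        enc = bytearray([a & 0x7F])
        a >>= 7
        while a:
            enc.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += enc
    return tlv(0x06, bytes(out))

def children(body):
    """Minimal DER decoder: split a constructed body into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(body):
        tag, first, pos = body[pos], body[pos + 1], pos + 2
        length = first
        if first & 0x80:  # long-form length
            n = first & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        items.append((tag, body[pos:pos + length]))
        pos += length
    return items

def decode_oid(body):
    arcs = [2, body[0] - 80] if body[0] >= 80 else [body[0] // 40, body[0] % 40]
    v = 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def build_sample_cms(capability_oids):
    """Constructed detached SignedData (no eContent) advertising the given ciphers."""
    caps = tlv(0x30, b"".join(tlv(0x30, oid(o)) for o in capability_oids))
    attrs = (tlv(0x30, oid("1.2.840.113549.1.9.3") + tlv(0x31, oid(ID_DATA)))  # contentType
             + tlv(0x30, oid(ID_SMIME_CAPS) + tlv(0x31, caps)))                # sMIMECapabilities
    sha256 = tlv(0x30, oid("2.16.840.1.101.3.4.2.1"))
    signer_info = tlv(0x30, tlv(0x02, b"\x01")                              # version
                      + tlv(0x30, tlv(0x30, b"") + tlv(0x02, b"\x01"))      # issuerAndSerialNumber (placeholder)
                      + sha256
                      + tlv(0xA0, attrs)                                    # signedAttrs [0] IMPLICIT
                      + tlv(0x30, oid("1.2.840.113549.1.1.11"))             # sha256WithRSAEncryption
                      + tlv(0x04, b"\x00" * 8))                             # PLACEHOLDER signature value
    signed_data = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, sha256)
                      + tlv(0x30, oid(ID_DATA))                             # detached: eContent absent
                      + tlv(0xA0, tlv(0x30, b"PLACEHOLDER-CERT"))           # certificates [0] IMPLICIT
                      + tlv(0x31, signer_info))
    return tlv(0x30, oid(ID_SIGNED_DATA) + tlv(0xA0, signed_data))

def extract_smime_capabilities(cms_der):
    """Return (tbs, caps): tbs is the DER the signature covers (signedAttrs
    re-tagged as SET, RFC 5652 5.4), caps the advertised cipher OIDs. Verify
    the signature over tbs with the signer cert's key BEFORE trusting caps."""
    (_, ctype), (_, explicit0) = children(children(cms_der)[0][1])
    if decode_oid(ctype) != ID_SIGNED_DATA:
        raise ValueError("not a CMS SignedData")
    fields = children(children(explicit0)[0][1])
    signer = children(children(fields[-1][1])[0][1])          # first SignerInfo
    signed_attrs = next((v for t, v in signer if t == 0xA0), None)
    if signed_attrs is None:
        raise ValueError("SignerInfo has no signedAttrs")
    caps = []
    for _, attr in children(signed_attrs):
        (_, attr_type), (_, values) = children(attr)
        if decode_oid(attr_type) == ID_SMIME_CAPS:
            for _, cap in children(children(values)[0][1]):
                caps.append(decode_oid(children(cap)[0][1]))
    return tlv(0x31, signed_attrs), caps

def choose_content_cipher(caps, fallback="3DES-EDE-CBC"):
    """Strongest cipher the recipient advertised and we know; else the fallback."""
    known = [CIPHERS[o] for o in caps if o in CIPHERS]
    return max(known, key=lambda c: c[1])[0] if known else fallback

if __name__ == "__main__":
    blob = build_sample_cms(["2.16.840.1.101.3.4.1.42", "1.2.840.113549.3.7"])
    tbs, caps = extract_smime_capabilities(blob)
    print(len(tbs), "signedAttrs bytes to verify; advertised", caps)
    print("chosen:", choose_content_cipher(caps), "| no caps:", choose_content_cipher([]))
```

The point of returning `tbs` separately is the one made in the thread: the receiving MUA only needs to check that the signature value verifies over these signed attributes with the public key of the signer certificate that rides along in the SignedData, with no chain building and no access to the (possibly detached or stripped) message content. Once that check passes, the sMIMECapabilities are as trustworthy as the certificate they travel with, and `choose_content_cipher` shows why they matter: with them the sender picks AES-256, without them it is reduced to whatever fallback it was built with.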