On 11/06/11 12:03, Michael Ströder wrote:
> This means if the user accidentally sent in contact information in an
> e-mail footer this information is also disclosed. If not already there
> you should put a strong hint on the web page that the signed S/MIME
> messages should not contain any private data except e-mail address.

The best fix for this is to allow users to send in another signed email,
which overwrites the original one as the one that the server sends out.
That way, even if people get it wrong, they can fix it later.

Gerv


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
