Zitat von Harakiri <[EMAIL PROTECTED]>:
--- On Sun, 11/9/08, Michael M Slusarz <[EMAIL PROTECTED]> wrote:
> Not necessarily, a user can send a message on behalf
of a larger entity that owns the cert. Beside that, there is
technically no mean to get a message's sender from a
MIME viewer (which is used to render and verify the signed
message) in Horde at the moment.
This will be possible in IMP 5 - the MIME Viewer will have
access to the full MIME message, including headers of the
base RFC822 part.
The senders address and the certificate e-mail do not need to match.
thunderbird or any other e-mail client is using the outdated smime
v2 spec. There is actually no requirement that the e-mails must match.
There are multiple reasons for this, the most obvious one is of
course that headers are not signed - since the from header isnt
signed, everyone can modify it and it does not belong to the
signature/certificate validation process. Another factor is, that
client certificates are enrolled even without e-mail addresses in
the certificate.
I hope IMP does not follow the suggestion by somebody on this list,
because currently it does the right thing.
Good to know! Can you point to some specs or RFCs, for the records?
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [EMAIL PROTECTED]
