A comment and a question, Bob; the comment: My experience with Communicator 4.79 is that it can handle a certificate that has no E component in the DN (although it does have the subjectAltName extension) - and will allow you to sign e-mail (so long as the keyUsage & extendedKeyUsage extensions permit this).
However, given this rather unfortunate limitation, it is easy to create an e-mail that claims to be from anybody you want to be (by putting in the appropriate e-mail address in the Preferences), and yet have a validly signed e-mail. If the reader does not actually click on the "Signed" icon to see who signed it, they could easily fall into the trap and assume that it was signed by the sender.

The question: are there any plans to fix the existing Communicator code to validate the From address with the e-mail address in the subjectAltName? I'm guessing from this thread that the 6.x code will have that fix.

Arshad Noor

Robert Relyea wrote:
--snip--
>
> This is hardly the first implementation of S/MIME. We will already face
> the problem that older versions don't even understand subjectAltName,
> let alone handle a multiple email address to single cert mapping.
> Existing versions of Communicator will downright choke on Certs
> presented as email certs without the email address in the SubjectName.
> --snip--
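
The check asked about in the message above, comparing the From address with the e-mail addresses carried by the signing certificate, shown as an added example that is not part of the original message and is not Communicator's code. It assumes the signature has already been verified and that the caller has extracted the certificate's subjectAltName rfc822Name values (plus any E value from the subject DN); the function names and sample addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def canonical(addr):
    """Split an address; keep the local part exact, lower-case the domain.

    Assumption: local parts are compared exactly, domains case-insensitively.
    """
    local, sep, domain = addr.strip().rpartition("@")
    return (local, domain.lower()) if sep and local and domain else None


def from_matches_signer(raw_message, cert_emails):
    """Return (ok, reason) for a message whose signature already verified.

    cert_emails: addresses taken from the signer's certificate by the caller.
    """
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", [])
    # Only the addr-spec counts; the display name is free text and is ignored.
    parsed = [canonical(addr) for _, addr in getaddresses(headers)]
    # Refuse anything ambiguous rather than guessing which address to trust.
    if len(headers) != 1 or len(parsed) != 1 or parsed[0] is None:
        return False, "missing, repeated or multi-address From header"
    allowed = {canonical(e) for e in cert_emails} - {None}
    if parsed[0] in allowed:
        return True, "From address is named in the signing certificate"
    return False, "From address is not named in the signing certificate"


# Constructed sample data: one certificate, one honest and one mismatched message.
SIGNER_CERT_EMAILS = ["mallory@Example.NET"]
HONEST = "From: Mallory <mallory@example.net>\nSubject: hi\n\nbody\n"
MISMATCH = 'From: "ceo@example.com" <ceo@example.com>\nSubject: hi\n\nbody\n'

if __name__ == "__main__":
    for name, raw in (("honest", HONEST), ("mismatch", MISMATCH)):
        print(name, from_matches_signer(raw, SIGNER_CERT_EMAILS))
```

A mail client would surface a failed result as a visible warning next to the "Signed" indicator, so the reader does not have to open the signature details to notice the mismatch.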
