Ahh, that makes sense then, ofcourse you could change the From header. Now, a client replying to the mail will probably do it to the trusted-server (unless you modify the reply-to header) but that is really often what you want, because otherwise the client cannot find the right certificate and thus not make an encrypted reply.
Now the final issue is how to forward the mail to the right recipient from the server, which is a bit of a challenge ;-) --S�ren On Thursday 12 February 2004 13:02, Vincenzo Gianferrari Pini wrote: > > > > Vincenzo: S/MIME code? > > > > > > This mailet (server side signing) is properly working, and just needs > > > to be javadoc enhanced and some ho-to documentation. But as I found a > > > problem with Outlook Express > > > > <snip> > > > > > because it considers as a tampering the fact of > > > having the signature not coming from the sender, > > > > <snip> > > Which it actually should according to the S/MIME standard (RFC-2632): > > > > Sending agents SHOULD make the address in the From or Sender header > > in a mail message match an Internet mail address in the signer's > > certificate. Receiving agents MUST check that the address in the From > > or Sender header of a mail message matches an Internet mail address > > in the signer's certificate, if mail addresses are present in the > > certificate. A receiving agent SHOULD provide some explicit alternate > > processing of the message if this comparison fails, which may be to > > display a message that shows the recipient the addresses in the > > certificate or other certificate details. > > I wasn't precise: > > a) the unsigned message comes with a > From: [EMAIL PROTECTED] > header; > > b) the mailet adds a > Sender: "Trusted Server" <[EMAIL PROTECTED]> > header and > > c) the mailet signs as > [EMAIL PROTECTED] > > Obviously it is all parameterized. > > This was done on purpose to comply with RFC-2632 (the Sender header is the > same as the Internet mail address in the signer's certificate), but Outlook > Express ignores the Sender header and checks only the From header. > > Vincenzo > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- S�ren Hilmer, M.Sc. R&D manager Phone: +45 70 27 64 00 TietoEnator IT+ A/S Fax: +45 70 27 64 40 Ved Lunden 12 Direct: +45 87 46 64 57 DK-8230 �byh�j Email: soren.hilmer <at> tietoenator.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
