Zitat von Martijn Brinkers <[email protected]>:
On 01/-10/-28163 08:59 PM, [email protected] wrote:we have a problem with a remote destination ditching encrypted mail because of the header included by Djigzo. They claim that according to RFC 3851 the S/MIME part must not include RFC822 headers. From what i read in RFC 5751 section 3.1 there is a standard format to protect headers. Is this special format used by Djigzo or is the remote side right at claiming not standard conform S/MIME ?AFAIK it's not explicitly said that you should or must not add any headers. The receiving party is way too picky because there should be no technical reason why the receiving server cannot validate and/or accept the email. Do you know which S/MIME gateway this is?
Not sure but if i got it right but RFC-5751 section 3.1 say that a special "media-type" is needed if headers should be included:
S/MIME is used to secure MIME entities. A MIME entity can be a sub- part, sub-parts of a message, or the whole message with all its sub- parts. A MIME entity that is the whole message includes only the MIME message headers and MIME body, and does not include the RFC-822 header. Note that S/MIME can also be used to secure MIME entities used in applications other than Internet mail. If protection of the RFC-822 header is required, the use of the message/rfc822 media type is explained later in this section.
later on in the same text:In order to protect outer, non-content-related message header fields (for instance, the "Subject", "To", "From", and "Cc" fields), the sending client MAY wrap a full MIME message in a message/rfc822 wrapper in order to apply S/MIME security services to these header fields. It is up to the receiving client to decide how to present this "inner" header along with the unprotected "outer" header.
Is this what Djigzo complies to?
Anyway, you can disable any headers being added to the signed or encrypted part by removing or uncommenting the "protectedHeader" setting in config.xml
Yes, i have found it in https://jira.djigzo.com/browse/GATEWAY-13
so remove or uncomment in config.xml: <protectedHeader> subject </protectedHeader>
I have set <protectedHeader> </protectedHeader> for sign/clear-sign and encrypt, but leave it as is for receiving... The entity complaining about the protectedheader ist Antigen btw. :-( Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
