Kai Engert wrote:
On 08.06.2011 13:51, Jean-Marc Desperrier wrote:

Is the script smart enough to identify and extract the encryption
certificate in the mail when the sender uses separate signature and
encryption certificates? (and of course the S/MIME properties are
correctly set to identify this, and propagate the encryption certificate
in the signed mail in addition to the signature certificate)

The keyserver can forward the original signed email to you,
which includes an *exact* copy of the signed message body.

This means if the user accidentally sent in contact information in an e-mail footer this information is also disclosed. If not already there, you should put a strong hint on the web page that the signed S/MIME messages should not contain any private data except e-mail address.

Ciao, Michael.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
