--- On Sun, 11/9/08, Michael M Slusarz <[EMAIL PROTECTED]> wrote:
> > Not necessarily, a user can send a message on behalf
> of a larger entity that owns the cert. Beside that, there is
> technically no mean to get a message's sender from a
> MIME viewer (which is used to render and verify the signed
> message) in Horde at the moment.
>
> This will be possible in IMP 5 - the MIME Viewer will have
> access to the full MIME message, including headers of the
> base RFC822 part.
The senders address and the certificate e-mail do not need to match.
thunderbird or any other e-mail client is using the outdated smime v2 spec.
There is actually no requirement that the e-mails must match.
There are multiple reasons for this, the most obvious one is of course that
headers are not signed - since the from header isnt signed, everyone can modify
it and it does not belong to the signature/certificate validation process.
Another factor is, that client certificates are enrolled even without e-mail
addresses in the certificate.
I hope IMP does not follow the suggestion by somebody on this list, because
currently it does the right thing.
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: [EMAIL PROTECTED]
