I am asking what Mozilla will consider as a valid signature, and how it will respond. (please ignore spelling errors, we all know why) Start with the assumption that you have a validly structured X.509v3 certificate signed by an acceptable CA.
1) Must the email address in the cert match the the from line of the e-mail? 2) Must the email address in the cert match some address in the Recieved lines? 3) Must there be an email address in the cert at all? The signature is for the signer entity, not necessarily it's email address. 4) What if there are multiple emails in multiple subjectAltName extensions? 5) Is the cert considered valid if it's use is signature but not encryption? Is there any Mozilla ConOp for these circumstances? Victor Probo
