Security issue: SMIME signature verification is still broken #216
Comments
|
Hi, I ran into an issue with S/MIME signatures and wanted to confirm if it was related to this issue. When I send an email from Thunderbird via the Bridge, the email body appears as an attached text file in Office 365 mail clients:
When I send mail from
Is this related or should I open a new bug? |
|
please open a new bug @jwflory - the first issue reported here is known but what you are describing is not. we'll look into different request sent from webclient and bridge to try and unravel this. |
|
@andrzejsza Acknowledged, I opened #230 for my issue. |
|
@tk-innoq is this still an issue for you with the latest version of Bridge? |
|
To follow this ticket |
|
@LBeernaertProton After two years I checked it again with Bridge Version 3.6.1. The issue is still the same as described in the ticket. |
|
After some investigation, it seems we currently can't correctly support this in the proton API. We will internally evaluate how to best proceed to support this use case, but we can't promise any ETA at this point. |
LBeernaertProton
added
enhancement
ProtonMail is still breaking email headers as already described in:
Expected Behavior
ProtonMail should by no means alter any contents/headers of incoming mails from a third party.
Current Behavior
ProtonMail changes the Mime-Type of a signed message:
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="--
vs.
Content-Type: multipart/mixed; boundary=
Message integrity cannot verified any more.
Possible Solution
Do not touch mail headers or content of signed messages.
Steps to Reproduce
Send a SMIME signed mail to a ProtonMail account.
Version Information
ProtonMail 4.0.5 and ProtonMailBridge still do not work.
The text was updated successfully, but these errors were encountered: