[imp] S/MIME IMP doesn't verify sender email?
vuser1 at test123.ru
vuser1 at test123.ru
Sat Nov 8 22:19:14 UTC 2008
Jan Schneider wrote:
> Zitat von "vuser1 at test123.ru" <vuser1 at test123.ru>:
>
>> When user1 send email signed by certificate issued to user2, IMP says
>> that email verification is OK, though there should be warning, I think.
>> ----------
>> From: *vuser2 at test123.ru *
>> To: vuser1 at test123.ru
>> Subject: certificate is not mine!
>> This message has been digitally signed via S/MIME.
>> The message has been verified. *Sender: vuser1 at test123.ru.*
>> The S/MIME certificate of Thawte Freemail Member: View/Save in your
>> Address Book
>> Show this HTML in a new window?
>> -----------
>> I have certificate issued to vuser2 at test123.ru, imported it to vuser1
>> and send the mail above. Mozilla Thunderbird says that message
>> signature is valid, but email address listed in sender certificate is
>> different from address that was used to send this message.
>>
>> Is there an option to say IMP to check sender email?
>
> It does that! The verification message clearly shows the certificate's
> owner.
>
> Jan.
>
Yes, it displays owner of cert, but why there is no warning that message
has been sent by other person? Definitely it indicates a problem if
sender's email is different from address in sender's cerificate.
More information about the imp
mailing list