GMail and S/MIME


Gil

Jan 6, 2010, 4:45:19 PM
to Thunderbird Webmail Extension
Should the Webmail extension (with GMail - actually GAFYD) play nice
with S/MIME and digital signatures?

I have received some signed emails using the Webmail extension, and
Thunderbird is telling me that the signature is not valid (message has
been modified).

Other recipients of the same message report no problem with the
signature - they do not use the Webmail extension but just basic POP.

I can't try the same, as I am behind a corporate firewall and cannot
use POP.

It does seem that I am able to receive some emails via the Webmail
extension with valid signatures. Only one sender seems to be affected
so far. It may be that senders using plaintext for their messages are
not affected, but those who compose using HTML may have their messages
corrupted (by the Webmail extension?).

I am using:
- TB 2.0.0.23
- WebMail 1.3.5
- WebMail - GMail 0.6.5b1

KE4AVB

Jan 6, 2010, 6:00:59 PM
to Thunderbird Webmail Extension
Gil,

Your sender would not happen to be using the free Hotmail service, would
they? I have had problems sending signed and/or encrypted messages
through their service. They are opening and adding Hotmail taglines to
the messages sent through their service, thus invalidating the signatures
and encryptions. The same problem could be happening to other service
providers depending how they operate. The Hotmail problem occurs if I
use the online webmail or not.

Eugene

Gil

Jan 6, 2010, 9:32:44 PM
to Thunderbird Webmail Extension
The sender was using Thunderbird, sending mail through their ISP's
SMTP server. Hotmail was not involved.

When I got home, I downloaded the message using Thunderbird and
GMail's POP server. The digital signature is just fine when I
download it that way.

Thunderbird reports the signature as invalid only if I download the
message using the Webmail extension. It may be that the extension is
modifying the message in some trivial way (e.g., deleting a trailing
space) that renders the signature invalid.

Gil

Jan 6, 2010, 11:53:21 PM
to Thunderbird Webmail Extension
I have diagnosed this to where maybe it can be debugged.

The email in question includes one line with the following
text: .......

That is, my correspondent wrote a line with 7 periods in it.

When I download the message using a POP server, the line comes through
with the 7 periods, and the signature is just fine.

When I download the message using the Webmail extension, the line
comes through with only 6 periods. The Webmail extension loses one of
the periods somehow.

Because the Webmail extension has essentially tampered with the body
of the message (by removing a period), Thunderbird detects that fact
(because the signature is wrong) and reports that to me.

Gil

Jan 7, 2010, 12:31:00 AM
to Thunderbird Webmail Extension
Here are some more details.

If I send myself a message, and the message has in it a line with just
periods (at least two), the Webmail Extension (GMail) will load the
message missing one period.

This happens even if there is no signature on the message. The
signature was just the way that I detected this problem.

Chris Clifton

Jan 7, 2010, 3:02:29 AM
to thunderbird-we...@googlegroups.com
It may also be that when Gmail displays the mail on the website it's
changed in some way, altered formatting, adding a tagline or similar. If
this happens, the message that the extension sees on the website will
not be the same as the original, and any digital signature will be
invalidated. Remember the extension is downloading the mail as displayed
on the website, this may not be the same as the original mail received
from the sender. As you say even a minor formatting change, e.g. line
wrapping to fit the web page could be enough to cause the signature to
fail. If the message has already been altered to display on the web
page, then there's nothing the extension can do to prevent the signature
failing.

--

Chris Clifton

Jan 7, 2010, 3:06:32 AM
to thunderbird-we...@googlegroups.com
What happens if you view the message on the website? If Google has
already removed the period, the extension is faithfully downloading what
Google displays, it can't do anything else.

--

Chris Clifton

Jan 7, 2010, 3:20:38 AM
to thunderbird-we...@googlegroups.com
Just tried that with my own account, 7 .s sent, 7 displayed. I still
suspect that the problem may be due to the fact that the extension
"reads" the email on the website, converts it back to a POP format email
and finally acts as a POP server to send the message to TB. Plenty of
scope in that process for unintentional alteration of some trivial
nature, but enough to cause a digital signature to fail.

alanrf

Jan 7, 2010, 4:22:02 AM
to Thunderbird Webmail Extension
I too just ran a simple test of (what I believe to be) this concern to
a GMail account.

I sent a message from a simple POP/SMTP account ... i.e. the message was
*not* sent through the Webmail add-ons.

The message was of two lines of text and the second (and final) line
consisted of a string of 7 period (".") characters.

The message was sent out as multipart/alternative format (that means
as both text and html ... to be displayed according to the wish of the
receiver).

The message was received in Thunderbird on the same account in 2
ways. The account is received in regular POP format from GMail
directly and also received from the account by the GMail add-on.

In the message received through the standard POP connection both the
multipart/alternative versions of the message contained 7 period
characters in the final line.

In the message received through the GMail add-on connection both the
multipart/alternative versions of the message contained 6 period
characters in the final line.

Chris Clifton

Jan 7, 2010, 6:00:22 AM
to thunderbird-we...@googlegroups.com
Much the same as my result, I haven't got Google set up as a webmail
account in TB (I use IMAP for what it's worth). My guess is that this is
due to the way the webmail extensions work. Possibly over-simplified,
but in essence, the extension copies text from the web page (it would
have to be a page showing all the header information) then pastes it
into a blank mail and attempts to re-create the original POP mail to
forward on to Thunderbird. The source material that the extension has to
work on isn't the original mail as received by Google (or Hotmail, or
Yahoo...), but a version of it that has already been processed for
display on a web page.
Looking at some mails on Google and Hotmail sites, how do the extensions
preserve Header information when downloading mails to TB? I can't see
any way on the web sites to display full headers, yet the Hotmail
extension downloads mails with headers intact. Is there some call that
the extension makes to the web site enabling it to access the source
code of emails? If the extension can access the original source code,
then my previous thoughts about how the extensions work may be
completely wrong.

--

Gil

Jan 7, 2010, 9:42:54 AM
to Thunderbird Webmail Extension
I agree with Chris's point. When I started to think about it, I
couldn't imagine how the extension could ever download and transmit mail
in such a way as to preserve the validity of a digital signature. It
seemed that it would be especially hard for mail that is formatted
(e.g., sent in HTML).

The reality is that, for the most part, the extension has no trouble
preserving the validity of the signatures. I have received many
signed messages, and the signature coming through the extension is
fine on all of them except those with the "lines of dots". I have
done diffs on "line of dots" mails received via POP and the extension,
and the line of dots is the only difference. And, as has been pointed
out, GMail transmits the lines of dots correctly via its UI.

Maybe GMail provides some alternative interface that the extension can
use and that helps preserve the integrity of the message, at least in
most cases.

I tried to do a similar test with the Hotmail extension. There, I
wasn't able even to get the extension to download a mail with a "line
of dots" - Thunderbird just spun. I may have some other issues there
- I don't use Hotmail much.


Gil

Jan 7, 2010, 9:44:04 AM
to Thunderbird Webmail Extension
Mails downloaded via POP and via the extension do come through with
different headers. That doesn't affect the digital signature, since
only the body of the mail is signed.

Gil

Jan 7, 2010, 11:46:38 AM
to Thunderbird Webmail Extension
I was able to send and receive (via the hotmail extension) a set of
digitally signed messages. (These weren't actually to hotmail.com but
rather to q.com, a service MSN provides to Qwest.)

There were no problems with messages with lines of dots.

It seems that the problem may be limited to GMail.

For reasons that I do not understand, I was not able to use the
hotmail extension to download unsigned messages. I tried both 1.2.24
and 1.2.24b5. In both cases, an attempt to download a single unsigned
message timed out after a very long time. I am not especially
concerned about this, as I do not use the hotmail extension (or the
q.com address) normally.
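
Added example, not part of any post in this thread and not the extension's code: POP3 (RFC 1939) requires a server to prefix an extra "." to any line that starts with ".", and the client strips one leading "." on receipt, so a local POP server that skips this byte-stuffing loses exactly one period per such line. That this is what the GMail extension does is an assumption the thread does not confirm; the function names are hypothetical and a plain SHA-256 digest stands in for the S/MIME message digest.

```python
import hashlib

CRLF = b"\r\n"

def pop3_send(body_lines, byte_stuff=True):
    """Server side of a POP3 multi-line response (RFC 1939, section 3)."""
    out = [b"+OK message follows"]
    for line in body_lines:
        if byte_stuff and line.startswith(b"."):
            line = b"." + line          # byte-stuff: protect the leading dot
        out.append(line)
    out.append(b".")                    # lone dot terminates the response
    return CRLF.join(out) + CRLF

def pop3_receive(wire):
    """Client side: skip the status line, stop at the lone dot, un-stuff."""
    body = []
    for line in wire.split(CRLF)[1:]:
        if line == b".":
            break                       # end of message
        if line.startswith(b"."):
            line = line[1:]             # client always strips one leading dot
        body.append(line)
    return body

def digest(body_lines):
    # Stand-in for the digest an S/MIME verifier recomputes over the body.
    return hashlib.sha256(CRLF.join(body_lines) + CRLF).hexdigest()

def roundtrip(body_lines, byte_stuff):
    """Return (body as the client sees it, whether its digest still matches)."""
    received = pop3_receive(pop3_send(body_lines, byte_stuff))
    return received, digest(received) == digest(body_lines)

# Constructed sample body with the "line of dots" from the thread.
SIGNED_BODY = [b"Hello,", b".......", b"Regards"]

if __name__ == "__main__":
    for stuffed in (True, False):
        received, ok = roundtrip(SIGNED_BODY, stuffed)
        print("byte-stuffed" if stuffed else "not stuffed ",
              received[1].decode(), "digest matches" if ok else "digest MISMATCH")
    # A line holding a single "." is worse: unstuffed, it ends the message early.
    print(roundtrip([b"a", b".", b"b"], byte_stuff=False)[0])
```

Diffing the copy fetched over plain POP against the copy fetched through the local proxy, as done in the thread, is the quickest way to confirm whether a signature failure comes from this kind of transport rewriting rather than from tampering.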
