Usage of AEAD in S/MIME in Thunderbird

11 views
Skip to first unread message

Falko Strenzke

unread,
Aug 15, 2023, 7:38:47 AM8/15/23
to dev-tec...@mozilla.org

I would like to report that we realized that even when sending an encrypted encrypted E-Mail between two Thunderbird instances, AEAD is not used in the S/MIME encryption, even though it seems to be supported by NSS. Instead the legacy CBC mode encryption, known to subject to all kind of manipulation attacks, is used. 

- Falko

--

MTG AG
Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.s...@mtg.de
Web: mtg.de


MTG Exhibitions – See you in 2023




MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email. Unauthorised copying or distribution of this email is not permitted.

Data protection information: Privacy policy

Falko Strenzke

unread,
Aug 16, 2023, 2:24:52 AM8/16/23
to dev-tec...@mozilla.org, Falko Strenzke, falko.s...@mtg.de
I found that this is tracked already here: https://bugzilla.mozilla.org/show_bug.cgi?id=1835697
Reply all
Reply to author
Forward
0 new messages