Bug 4152

Summary: Add support for triple-wrapped S/MIME (RFC 2634, part of RFC 5751 for S/MIME 3.2)
Product: Claws Mail (GTK 2)
Reporter: Dr. Thomas Orgis <thomas.orgis>
Component: Plugins/Privacy/SMIME
Assignee: users
Status: NEW ---    
Severity: enhancement    
Priority: P3    
Version: other   
Hardware: PC   
OS: Linux   

Description Dr. Thomas Orgis 2019-01-30 15:38:25 UTC
MS Outlook creates triple-wrapped mails when encrypting using S/MIME, which
apparently leads to some parsing issues with current Claws Mail (content
visible, but headers missing in message view and also compose view of a
reply).

These messages seem to work fine in other clients (namely, Apple Mail on
OS X or iOS). Thunderbird has had an aging patch pending for 12 years
(https://bugzilla.mozilla.org/show_bug.cgi?id=380624).  The UI issues
indeed need some thought: How are inner and outer signatures displayed
to the user? What to do if one of them does not check?

The wrapping of S/MIME-encrypted content within another S/MIME blob for
adding an outer signature is called triple-wrapping and was described
back in 1999 in RFC 2634 (https://tools.ietf.org/html/rfc2634), which is
referred to in the S/MIME standard (version 3.2 / RFC 5751, 
https://tools.ietf.org/html/rfc5751).  A conforming S/MIME MUA should at
least be able to correctly handle incoming triple-wrapped mails.


PS: Thinking about security implications, I realized that this does not
really prevent ciphertext tampering attacks; S/MIME needs something along
the lines of PGP's MDC. Triple-wrapping can help, though, in case the UI offers the
choice to only automatically decrypt messages that were correctly wrapped
and signed by someone in a whitelist.
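
Added example, not part of the original report and not Claws Mail code: a Python sketch of how far a client can classify the layers of a triple-wrapped message (RFC 2634: signed, then encrypted, then signed again) before any decryption, which is the point where a "decrypt only if the outer signature is from a trusted sender" policy would have to decide. The function names and the sample message are constructed for illustration; no signature is verified here.

```python
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_layers(raw):
    """List the S/MIME layers readable without a private key, outermost first."""
    msg = message_from_bytes(raw)
    layers = []
    while True:
        ctype = msg.get_content_type()
        if ctype == "multipart/signed" and msg.is_multipart():
            proto = str(msg.get_param("protocol", "")).lower()
            parts = msg.get_payload()
            if proto not in PKCS7_SIG or len(parts) != 2:
                break  # not a well-formed S/MIME clear-signed layer
            layers.append("signed")
            msg = parts[0]  # first part is the content the signature covers
        elif ctype in PKCS7_MIME:
            # Opaque CMS blob (signed-data or enveloped-data). Looking further
            # in needs a CMS parser, and the private key for enveloped-data.
            layers.append(str(msg.get_param("smime-type", "unknown")).lower())
            break
        else:
            break
    return layers

def is_triple_wrap_candidate(raw):
    """True when an outer clear signature sits directly over enveloped-data.
    The inner signature can only be confirmed after decryption."""
    return smime_layers(raw)[:2] == ["signed", "enveloped-data"]

def build_sample():
    """Constructed sample; the part bodies are placeholders, not real CMS."""
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature",
                          micalg="sha-256")
    outer["Subject"] = "constructed sample"
    env = MIMEApplication(b"placeholder", "pkcs7-mime", name="smime.p7m")
    env.set_param("smime-type", "enveloped-data")
    sig = MIMEApplication(b"placeholder", "pkcs7-signature", name="smime.p7s")
    outer.attach(env)
    outer.attach(sig)
    return outer.as_bytes()
```

An outer layer sent as opaque `signed-data` is reported as `["signed-data"]` and is not classified further by this sketch, since its content sits inside the CMS structure.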