User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4 Build Identifier: Thunderbird/1.0.2-1.3.3 (20050513) Fedora/1.0.4-1.3.1 I noticed that when receiving a message that have multiple nested MIME/multipart sections, Thunderbird won't recognize the digital signature if the FIRST "Content-Type" doesn't report multipart/signed, even if the digital signature is actually in a nested section. This particular situation I found out using Mailman 2.1.5 (still have to check with other version) that sometimes adds the mailing list signature transforming a mail message in a MIME multipart message with the original message (even if MIME multipart itself) in the first section and the signature in the second. (I am about to forward this to the Mailman mantainer too, but i don't expect a change there, and Mailman is widely used) Reproducible: Always Steps to Reproduce: I tried with these example message, sent directly to me telnetting to port 25 on my SMTP. It's easy to reproduce the trial just by changing both "RCPT" and "To:" lines with your address, then just open up the telnet session and paste it. Obviously, you will eventually find out that the digital signature is NOT correct, but this is another matter, as the problem is simply that in the FIRST case the signature won't even show, and in the second will. I also changed the multipart boundaries to something more readable. FIRST CASE (example of a mail with MIME multipart nested as Mailman would create): >>>FROM HERE MAIL FROM: <mmatarazzo@nuisoft.it> RCPT TO: <marco@nuisoft.it> DATA From: Marco Matarazzo <mmatarazzo@nuisoft.it> MIME-Version: 1.0 To: Marco <marco@nuisoft.it> Subject: Trying it out Content-Type: multipart/mixed; boundary="--mime" This is a cryptographically signed message in MIME format. ----mime Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="--sign" This is a cryptographically signed message in MIME format. ----sign Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Some text here. ----sign Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature AtcwggJAoAMCAQICAw6/+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwNTIwMTMyNTI5WhcNMDYwNTIwMTMyNTI5 WjBHMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSQwIgYJKoZIhvcNAQkBFhVt bWF0YXJhenpvQG51aXNvZnQuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0 4j8YEJnk4hje4AMjgWwIFBnOShJl5hskDKhYeKPhOV3ZwI9jxgIlWeYfL0C8O6nZt7QNuNPv TKsDKWerLdmAG1uqC0422YUG40xgO41WWV3TX+th0CiJAqxACKQisryV3je86fvh7r+iDFyb VHSUwV7k7xnfNgahNz6vZ+D0aWhFS4y1tlR4eSffDJPiFAwoW6QgcGl6RGE4JGFnHdHhmGOs kEP9cfgIlbtph9FeiUbFKCJco+KJsRRiix8gJUX/me0tIthMCe9ObAGEm4s3MiCpVsUylXlE MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII+TCC AtcwggJAoAMCAQICAw6/+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE BAUAA4GBAMHXePgSPAY9xiedXG7rcOIOledSYpraOLYcC3NAWwn/h40NT3Gq9M3iCMpSbp2/ LGLUE98fz4rFlYyDwy1ynNzLeqflHjaonwWmSHCUs7K0gThIiNrjTJ3FX3yW73nyqnnqOO9C hrG2yFreCKdxHzem1jxHUE3DtKfwJyC/wpkUMIIC1zCCAkCgAwIBAgIDDr/6MA0GCSqGSIb3 DQEBBAUAMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII+TCC AtcwggJAoAMCAQICAw6/+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE bWFpbCBNZW1iZXIxJDAiBgkqhkiG9w0BCQEWFW1tYXRhcmF6em9AbnVpc29mdC5pdDCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTiPxgQmeTiGN7gAyOBbAgUGc5KEmXmGyQM qFh4o+E5XdnAj2PGAiVZ5h8vQLw7qdm3tA240+9MqwMpZ6st2YAbW6oLTjbZhQbjTGA7jVZZ XdNf62HQKIkCrEAIpCKyvJXeN7zp++Huv6IMXJtUdJTBXuTvGd82BqE3Pq9n4PRpaEVLjLW2 VHh5J98Mk+IUDChbpCBwaXpEYTgkYWcd0eGYY6yQQ/1x+AiVu2mH0V6JRsUoIlyj4omxFGKL Lml0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAwdd4+BI8Bj3GJ51cbutw4g6V 51Jimto4thwLc0BbCf+HjQ1Pcar0zeIIylJunb8sYtQT3x/PisWVjIPDLXKc3Mt6p+UeNqif HyAlRf+Z7S0i2EwJ705sAYSbizcyIKlWxTKVeUT9IahEvqB8Ei851nInXbS0Q11a8ivns70o hF8BTAxPiiyEMhMLQL8CAwEAAaMyMDAwIAYDVR0RBBkwF4EVbW1hdGFyYXp6b0BudWlzb2Z0 BaZIcJSzsrSBOEiI2uNMncVffJbvefKqeeo470KGsbbIWt4Ip3EfN6bWPEdQTcO0p/AnIL/C mRQwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMG MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII+TCC AtcwggJAoAMCAQICAw6/+jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE MSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEW HHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2 MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0 eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0Ew gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9 zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPP K9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGj gZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3Js LnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYw KQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEB BQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9 reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo0 5RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJa QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw6/+jAJBgUrDgMCGgUAoIIBpzAY BgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNTA1MjAxNDUxNTVa MCMGCSqGSIb3DQEJBDEWBBQLn5dHJK7ur9JbhYkiuKQ9EYk0uTBSBgkqhkiG9w0BCQ8xRTBD MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzAN BggqhkiG9w0DAgIBKDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDr/6MHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw6/+jANBgkqhkiG9w0B AQEFAASCAQBjQatmWdmlKLSEXyFB2jrYfu8Y2tADEexkXOSuPt5LW3sHAM6AdChZNReLq0qv HyAlRf+Z7S0i2EwJ705sAYSbizcyIKlWxTKVeUT9IahEvqB8Ei851nInXbS0Q11a8ivns70o hF8BTAxPiiyEMhMLQL8CAwEAAaMyMDAwIAYDVR0RBBkwF4EVbW1hdGFyYXp6b0BudWlzb2Z0 YWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDr/6MHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE ----sign-- ----mime . QUIT >>>TO HERE SECOND CASE: Try it again after changing the line just after the "Subject": Content-Type: multipart/mixed; boundary="--mime" with Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="--mime" Actual Results: In the first case, the message won't show the digital signature. In the second, it will. Expected Results: It would have shown the digital signature in both cases. I tried to read MIME specification and I admit I cannot find out if nesting a multipart/signed in a multipart/mixed is right. I notice that (maybe, I am guessing) Mailman recognize the signed message, as it repeats the "This is a cryptographically signed message in MIME format." line, so maybe it should also set the message as multipart/signed and not multipart/mixed, or, moreover, simply add another section to an already multipart'ed (sorry for that) message. Anyway, other clients (included Outlook Express, sadly) correctly recognize the digital signature even in this case, and Thiunderbird won't. So i believe it should be fixed, even if it's not entirely correct.

Related to Core bug 145180 or Core bug 159238?

> Related to Core bug 145180 or Core bug 159238? It seems so. What is the best way to act? Remove this one ?

(In reply to comment #2) > What is the best way to act? Remove this one ? You could resolve this bug and mark it as a duplicate of the closest matching bug.

*** This bug has been marked as a duplicate of 145180 ***