Modifying the contents of a message
irving at mozilla.com
Fri Jan 27 18:29:36 UTC 2012
Any modifications you make to a message in your (received) copy would
cause the sender's signature to no longer match, so it will be obvious
that the receiver's copy isn't what the sender signed.
While I haven't looked into Outlook's signing, there's no way for it to
permanently alter a message and keep the existing signature. They may be
doing something like "person A signed the original content of the
message, and person B altered the message and signed the altered
version" but there's no way to make it appear that person A signed the
altered version unless you have person A's private key.
- irving -
On 12-01-27 11:10 AM, Kent James wrote:
> On 1/26/2012 4:55 PM, Unicorn.Consulting wrote:
>>> I'm not very familiar with that area, so I'd be interested in hearing
>>> what others have to say on the matter :).
>> When I send my signed message to someone, or SMIME message, I would
>> like to think that I don't have to produce my copy to prove what I
>> sent to the recipient as a matter of course. If your going to use this
>> type thing, and I can understand where editing the subject may be
>> valid, I would like to see the digital signature removed by
>> Thunderbird if the content is changed.
>> Microsoft Outlook, which is the application sited most when people are
>> asking for this, will not save an existing signed mail without you
>> also having a digital signature, I assume it replaces the signature as
>> a part of the edit.
>> Certainly there is always the opportunity for a message to be modified
>> in a text editor, but please lets try and make fraudulent
>> modifications as hard as possible. As I understand it a digitally
>> signed message is a legal document in the EU. Should we be making the
>> modification (without obvious forensic fingerprinting of the process)
>> a simple process for add-on authors to execute.
> When reviewing addons that modify messages, I have not known what to
> require with respect to original message integrity. I would welcome
> suggestions along this line. But I am not the only reviewer of
> Thunderbird addons, and it is not easy to communicate reliably
> requirements such as maintaining message integrity to all editors.
More information about the tb-planning