[Enhancement] Handle Outlook's Non-Standard S/MIME Signed Messages #8
Comments
bbottema
added a commit
that referenced
this issue
Dec 15, 2023
…ges, as the content-type is "multipart/signed", but the (S/MIME) protocol parameter is missing.
|
Released in 2.2.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In bbottema/outlook-message-parser#40, we've encountered scenarios where signed messages are stored in a non-standard configuration by Outlook. Specifically, Outlook may store a signed message as a .p7m attachment with a Content-Type of "multipart/signed", but then omit the essential protocol parameter. This omission complicates the identification process, as the lack of a protocol parameter leaves us uncertain whether the content was signed using S/MIME or something else, or if it was both signed and encrypted.
To address this, the library should be updated to return a 'maybe signed' status. This change will allow users of the library to attempt to unwrap the content, with the understanding that they should continue processing if unwrapping fails. This approach inherently means we cannot definitively distinguish between invalid signatures and content that is not actually signed. However, it's a necessary compromise to handle such cases, especially considering that these messages are most likely properly signed but simply missing the protocol parameter. A special thanks to Outlook for this unique challenge!
The text was updated successfully, but these errors were encountered: