Problem with protected header

Hello

we have a problem with a remote destination ditching encrypted mail
because of the header included by Djigzo. They claim that according to
RFC 3851 the S/MIME part must not include RFC822 headers. From what i
read in RFC 5751 section 3.1 there is a standard format to protect
headers. Is this special format used by Djigzo or is the remote side
right at claiming not standard conform S/MIME ?

Many Thanks

Andreas

AFAIK it's not explicitly said that you should or must not add any
headers. The receiving party is way too picky because there should be no
technical reason why the receiving server cannot validate and/or accept
the email. Do you know which S/MIME gateway this is?

Anyway, you can disable any headers being added to the signed or
encrypted part by removing or uncommenting the "protectedHeader" setting
in config.xml

so remove or uncomment in config.xml:

<protectedHeader> subject </protectedHeader>

Kind regards,

Martijn

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote:

we have a problem with a remote destination ditching encrypted mail
because of the header included by Djigzo. They claim that according to
RFC 3851 the S/MIME part must not include RFC822 headers. From what i
read in RFC 5751 section 3.1 there is a standard format to protect
headers. Is this special format used by Djigzo or is the remote side
right at claiming not standard conform S/MIME ?

--
Djigzo open source email encryption

Zitat von Martijn Brinkers <martijn(a)djigzo.com>:

we have a problem with a remote destination ditching encrypted mail
because of the header included by Djigzo. They claim that according to
RFC 3851 the S/MIME part must not include RFC822 headers. From what i
read in RFC 5751 section 3.1 there is a standard format to protect
headers. Is this special format used by Djigzo or is the remote side
right at claiming not standard conform S/MIME ?

AFAIK it's not explicitly said that you should or must not add any
headers. The receiving party is way too picky because there should be no
technical reason why the receiving server cannot validate and/or accept
the email. Do you know which S/MIME gateway this is?

Not sure but if i got it right but RFC-5751 section 3.1 say that a
special "media-type" is needed if headers should be included:

S/MIME is used to secure MIME entities. A MIME entity can be a sub-
part, sub-parts of a message, or the whole message with all its sub-
parts. A MIME entity that is the whole message includes only the MIME
message headers and MIME body, and does not include the RFC-822
header. Note that S/MIME can also be used to secure MIME entities used
in applications other than Internet mail. If protection of the RFC-822
header is required, the use of the message/rfc822 media type is
explained later in this section.

later on in the same text:

In order to protect outer, non-content-related message header fields
(for instance, the "Subject", "To", "From", and "Cc" fields), the
sending client MAY wrap a full MIME message in a message/rfc822
wrapper in order to apply S/MIME security services to these header
fields. It is up to the receiving client to decide how to present this
"inner" header along with the unprotected "outer" header.

Is this what Djigzo complies to?

Anyway, you can disable any headers being added to the signed or
encrypted part by removing or uncommenting the "protectedHeader" setting
in config.xml

Yes, i have found it in https://jira.djigzo.com/browse/GATEWAY-13

so remove or uncomment in config.xml:

<protectedHeader> subject </protectedHeader>

I have set
<protectedHeader> </protectedHeader>

for sign/clear-sign and encrypt, but leave it as is for receiving...

The entity complaining about the protectedheader ist Antigen btw. :frowning:

Regards

Andreas

···

On 01/-10/-28163 08:59 PM, lst_hoe02(a)kwsoft.de wrote: