Wednesday, April 1, 2020

S/MIME signed messages support in Gmail

From RFC 5751:

"There are two formats for signed messages defined for S/MIME:

  • application/pkcs7-mime with SignedData
  • multipart/signed.

In general, the multipart/signed form is preferred for sending, and receiving agents MUST be able to handle both."

As of April 1, 2020, S/MIME signed message support for free Gmail accounts is as follows:

multipart/signed

  • Gmail to Gmail: NOK (since 2013)
  • Gmail to External Mail: NOK (since 2013)
  • External Mail to Gmail: OK 

application/pkcs7-mime with SignedData

  • Gmail to Gmail: NOK (since 2017)
  • Gmail to External Mail: OK
  • External Mail to Gmail: OK 

NOK (not OK) means the Gmail service mangles the message in transit by:
  • repacking MIME entities and changing boundaries
  • changing the content type of the message to multipart/mixed
  • restricting access to the S/MIME signature for multipart/signed messages
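To check a received message for the changes listed above, the following added example (not part of the original post) reports which of the two RFC 5751 signed forms the top-level MIME entity still has, or whether S/MIME parts have been pushed under a different top-level type. The function name `classify`, the `rewrapped:` label and the sample messages are assumptions made for illustration; the samples are constructed and carry placeholder bodies, not real signatures.

```python
from email import message_from_string

SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENV = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def classify(raw):
    """Report which S/MIME signed form the top-level MIME entity has."""
    msg = message_from_string(raw)
    top = msg.get_content_type()
    # Detached form: multipart/signed whose protocol parameter names a PKCS#7 signature.
    if top == "multipart/signed" and str(msg.get_param("protocol", "")).lower() in SIG:
        return "multipart/signed"
    # Opaque form: application/pkcs7-mime carrying SignedData (not enveloped-data).
    if top in ENV and str(msg.get_param("smime-type", "")).lower() == "signed-data":
        return "application/pkcs7-mime"
    # Anything else at the top: look for S/MIME parts sitting below it, which is
    # what a signed message looks like after being repacked into another container.
    for part in msg.walk():
        if part is not msg and part.get_content_type() in SIG | ENV | {"multipart/signed"}:
            return "rewrapped:" + top
    return "unsigned"

# Constructed sample messages (placeholder bodies, not real signatures).
PARTS = ('--b\nContent-Type: text/plain\n\nhello\n'
         '--b\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
         'PLACEHOLDER\n--b--\n')
DETACHED = ('Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
            ' micalg=sha-256; boundary="b"\n\n' + PARTS)
OPAQUE = ('Content-Type: application/pkcs7-mime; smime-type=signed-data;'
          ' name="smime.p7m"\n\nPLACEHOLDER\n')
REWRAPPED = 'Content-Type: multipart/mixed; boundary="b"\n\n' + PARTS

if __name__ == "__main__":
    for name, raw in [("detached", DETACHED), ("opaque", OPAQUE), ("rewrapped", REWRAPPED)]:
        print(name, "->", classify(raw))
```

A `rewrapped:` result only says the structure no longer matches either signed form at the top level; whether a signature still validates has to be checked with an S/MIME verifier against the original bytes.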

The history of the above points:
