Multipart/signed mail handling for x.509

Hello!

I our organisation we start to use X.509 certificates
to sign emails.
The MUA produces mime multi-part mails with the content type
"multipart/signed".
These mails have 2 parts. The first one is the
plain/text message the second one is the x-pkcs7-signature.

The problem occurs if these messages are re-send by
RT. Then they will be transformed into a multipart/mixed
message and the text block is altered with text from
the templates, and the encoding could also be altered.
The result is that the recipient get a mail
with a broken signature.

We think the right way to handle these mails
is not to alter the multipart/signed block, but to
compose the rt mail as multipart/mixed, with the
multipart/signed block as one part of it.

–Start Multipart Mixed
–Part1: text from the rt-template
–Part2: multipart/signed
----Part2.1: plaintext message
----Part2.2: signature
–Part3: text from the rt-templated

The simpler way will to just throw the signature away, at
least when we send the message :frowning:

Has anybody found a solution, or could I configure RT
to archive this?

best regards!

sven

Hello!

I our organisation we start to use X.509 certificates
to sign emails.
The MUA produces mime multi-part mails with the content type
"multipart/signed".
These mails have 2 parts. The first one is the
plain/text message the second one is the x-pkcs7-signature.

The problem occurs if these messages are re-send by
RT. Then they will be transformed into a multipart/mixed
message and the text block is altered with text from
the templates, and the encoding could also be altered.
The result is that the recipient get a mail
with a broken signature.

RT will always be massaging the message when it’s sent with a template.
I’m not convinced that it’s possible to pass through signatures
unmolested with the current architecture.

-j