smime plugin validation

by tlhackque


smime plugin 0.7 does not flag the From address when it does not match the signing certificate.  It should.  In fact, RFC2312 says it MUST:

"Receiving agents MUST check that the address in the From header of a mail message matches an Internet mail address in the signer's certificate."

Certainly this means that the email address proper must match; it's not obvious that the display name must also match - the latter being a bit more complicated - should it match /CN=?  What about /G?  

The requirement is to detect that a message "From: Fred Florgle<fred@...>" but signed by "George J. Hacker Jr. <george@...>" with a valid certificate is flagged as NOT verified.

I think that in the event of a mismatch, both From: in the message header AND the certificate "verified" line in the S/MIME block should be flagged.

This is something that Squirrelmail could do -- or one could argue that it's openssl's smime -verify that is missing the check.

---------------------------------------------------------
This communication may not represent my employer's views,
if any, on the matters discussed.
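
An added example, not part of the original post and not code from the smime plugin or OpenSSL: one way a receiving agent could apply the From check described above once signature verification has succeeded. It assumes the signer certificate's e-mail addresses were already extracted (for instance with `openssl x509 -noout -email` on the certificate written by `openssl smime -verify -signer`); `check_from`, `normalize`, the sample message and all addresses are constructed, and comparing addresses case-insensitively is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses


def normalize(addr):
    """Lower-case an address for comparison; None if it is not local@domain."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return f"{local.lower()}@{domain.lower()}"


def check_from(raw_message, cert_emails):
    """Return (ok, from_addrs, reason).

    ok is True only when the message carries exactly one From header with
    exactly one address, and that address is listed in the signer certificate.
    The display name is ignored: only the address proper is compared.
    """
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    addrs = [normalize(a) for _, a in getaddresses(from_headers)]
    allowed = {normalize(e) for e in cert_emails} - {None}
    if len(from_headers) != 1 or len(addrs) != 1 or addrs[0] is None:
        return False, addrs, "missing, repeated or unparsable From header"
    if addrs[0] not in allowed:
        return False, addrs, "From address not in signer certificate"
    return True, addrs, "From address matches signer certificate"


# Constructed sample: a message claiming to be from Fred, while the
# certificate that validly signed it belongs to George.
SAMPLE = (
    "From: Fred Florgle <fred@example.org>\n"
    "To: list@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)
SIGNER_EMAILS = ["george@example.net"]  # constructed certificate addresses

if __name__ == "__main__":
    ok, addrs, reason = check_from(SAMPLE, SIGNER_EMAILS)
    # A UI would flag both the From: header and the "verified" line here.
    print("VERIFIED" if ok else "NOT VERIFIED", addrs, reason)
```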
