At 21:41 07.03.2002 +0100, you wrote: >Hi everybody, > >we have set up our own CA and generated for everybody >user certificates for secure communication. It really works >fine. > >The task: now we want to set up mailinglists (server side) >like "[EMAIL PROTECTED]" where some users of our company and >some from a customer should be able to write signed and >encryted emails and everybody on the list should be able to >read it. > >The question is how should this be done? The only solution I can >imagine is to generate a certificate for the list and send the p12-file >to everybody on the list. But does it really work with all mail >programs, because for example: user A send an encrypted mail to >[EMAIL PROTECTED] which is expanded to user B, but its not originally >encrypted for B... > >Whats the best way solving such a mailinglist problem? What is >your experience and solution? I am sure I not the only one beeing >confronted with such a task (hope :-). > >thanx for your help, >Damian
Message senders encrypt the message with the public key of the mailinglist. The mailinglist server decrypts the message using the private key for the mailinglist and encrypts it again individually for every recipient. The problematic part is the signature, I guess. Would it be possible to keep the original signature? Or does the server have to check the sender's signature and sign it again with it's private key if the original signature is correct? The email programs would handle the encryption part nicely, but I fear that you cannot keep the original signature.. Jörn Sierwald ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
