-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 grover> We'd like to be able to sign all our outgoing mails.
grover> But not on each client system, which would mean everyone has grover> to install some plugin or gpg-aware mail client, but on the grover> mailserver itself. grover> This way nobody has to think about it and signing works grover> transparently for everyone. We would have one key for all, grover> like a corporate key. cbabcock> The corporate value of public key cryptography is much more cbabcock> readily attained using DKIM. Milter setup and key management cbabcock> for signing DKIM mail is pretty straight forward. You place cbabcock> your key in Text records in DNS. That establishes a cbabcock> meaningful connection between the identity of the sender (or cbabcock> at least ownership of the mail server) and the owner of the cbabcock> domain. Setting up DKIM with Postfix was at least as easy as cbabcock> setting up GPG with Claws and it makes an identity assertion cbabcock> that is appropriate for a server environment. I agree with Chris -- this seems like a good application for DKIM. In addition to non-repudiation, some email service providers will be much less likely to categorize DKIM-signed messages as spam (if that kind of thing matters to you.) One DKIM implementation I've used is <http://sourceforge.net/projects/dkim-milter/>. dkim-milter is very straightforward to set up with sendmail, and I know of people who've used it with postfix (configured as a mail filter.) Steve -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (Darwin) iEYEARECAAYFAknOR4kACgkQX7YJI4BuyDSrnQCfQ3HjyT2VSwqaw6Hx0QrPyrUu 6Z0AoKi2PIMJG1h/kpyKPeP9lJ9y3gM/ =9O3c -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
