Hi,

> > if yes:
> > given the situation that user a and b are internal users in djigzo,
> > b gets deleted (user, certificate and keys), but emails sent to a
> > and b still can be read by b because djigzo uses the key of user a.
> > is this justifiable (if the explanation mentioned above is correct)?
>
> Yes. Djigzo tries to decrypt the message no matter who the recipient
> is. It only looks with which certificate the message was encrypted
> with and uses the private key associated with the certificate.
>
> Djigzo also checks attached messages (message/rfc822) to see whether
> they are encrypted. You can for example forward two messages both
> encrypted with a different certificate and Djigzo will decrypt the
> messages (if a private key is available).

I think this behaviour can be used to decrypt messages in a way it was never intended to:

Given the situation that a colleague of mine receives an encrypted email from an external communication partner. I was able to eavesdrop on the SMTP communication between the sender and our Djigzo appliance, so I possess the encrypted mail cipher. I may now send the encrypted mail to myself via our Djigzo appliance to gain access to the content of the mail: Djigzo decrypts the mail with the key of my colleague, but delivers the mail to myself.

In my opinion Djigzo should not deliver any decrypted mails to recipients whose certificate was not used to encrypt the mail.

Is this behaviour intended to exist? I think not even being in the same enterprise legitimises being able to decrypt confidential messages of others.

Kind Regards,
Manuel Faux

_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
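
The recipient-binding check proposed in the message above, set beside the decrypt-with-any-key behaviour, as an added example that is not part of the original thread and is not Djigzo's code. The key store, addresses, certificate identifiers and function names are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CertId:
    """How a CMS RecipientInfo names a certificate: issuer plus serial number."""
    issuer: str
    serial: int


# Constructed gateway key store: certificate id -> mailbox that owns the key.
KEY_OWNERS = {
    CertId("CN=Example CA", 0x1001): "colleague@example.com",
    CertId("CN=Example CA", 0x1002): "manuel@example.com",
}


def decrypt_any_key(recipient_infos, envelope_rcpts):
    """Behaviour described in the thread: decrypt if any stored key matches,
    no matter who the SMTP recipient is."""
    have_key = any(rid in KEY_OWNERS for rid in recipient_infos)
    return {rcpt: have_key for rcpt in envelope_rcpts}


def decrypt_recipient_bound(recipient_infos, envelope_rcpts):
    """Proposed policy: hand plaintext only to an envelope recipient whose own
    certificate appears among the message's RecipientInfo entries."""
    owners = {KEY_OWNERS[rid].lower() for rid in recipient_infos if rid in KEY_OWNERS}
    return {rcpt: rcpt.lower() in owners for rcpt in envelope_rcpts}


# Constructed message: encrypted for the colleague and for the external sender.
CAPTURED = [CertId("CN=Example CA", 0x1001), CertId("CN=Partner CA", 0x77)]

if __name__ == "__main__":
    for rcpts in (["colleague@example.com"], ["manuel@example.com"]):
        print(rcpts, "any-key:", decrypt_any_key(CAPTURED, rcpts),
              "recipient-bound:", decrypt_recipient_bound(CAPTURED, rcpts))
```

In the returned mapping, `True` means that recipient receives plaintext and `False` means the message is passed on still encrypted.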
