> I think this behaviour can be used to decrypt messages in a way it > was never intended to: Given the situation a colleague of mine > receives an encrypted email from an external communication partner. I > was able to eavesdrop the SMTP communication between the sender and > our Djigzo appliance, so I possess the encrypted mail cipher. I may > now send the encrypted mail to myself via our Djigzo Appliance to > gain access to the content of the mail: Djigzo decrypts the mail with > the key of my colleague, but delivers the mail to myself.
"was never intended to" depends on how you look at it :). From my point of view it was intended that way because I implemented it that way. Djigzo is an email encryption gateway that encrypts and decrypts email at the gateway level. If you don't want email to be decrypted at the gateway level than don't put the private key on the gateway. If the private key is not available, the message cannot be decrypted. > In my opinion Djigzo should not deliver any decrypted mails to > recipients their certificate was not used to encrypt the mail. > Is this behaviour intended to exist? I think not even being in the > same enterprise legitimises being able to decrypt confidential > messages of Then you should either not use a gateway encryption product or encrypt email for specific users with certificates that are not stored on the gateway (i.e., use real desktop-to-desktop encryption). A gateway encryption solution assumes that you can trust you internal infrastructure. Kind regards, Martijn Brinkers -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
