> "was never intended to" depends on how you look at it :). From my 
> point of view it was intended that way because I implemented it that way.
> Djigzo is an email encryption gateway that encrypts and decrypts email 
> at the gateway level. If you don't want email to be decrypted at the 
> gateway level then don't put the private key on the gateway. If the 
> private key is not available, the message cannot be decrypted.

What do you think is the benefit of this feature? Is there any "normal"
situation in which you forward an encrypted email without reencrypting it?

> Then you should either not use a gateway encryption product or encrypt 
> email for specific users with certificates that are not stored on the 
> gateway (i.e., use real desktop-to-desktop encryption). A gateway 
> encryption solution assumes that you can trust your internal infrastructure.

I think a gateway solution should not weaken the security of a
desktop-to-desktop scenario in situations where it is not necessary. I use
a gateway scenario because I want to benefit from the advantages like a
centralized archive, an enforceable security policy and the transparency
in front of my users. On the one hand I share your opinion that in general
you should assume to trust your internal infrastructure, but on the other
hand there may be employees with different responsibilities who may not
share the same trust level.

I have noticed that other products refuse to decrypt messages in such a
scenario. I just wanted to make sure you are aware of this feature and
wanted to hear your opinion about it.

Kind Regards,

Manuel Faux