> I understand your objections. Part of the reason it was implemented
> this way is that it's much easier from a management perspective. The
> gateway tries to decrypt if possible. If this is not the required
> behavior it's best to use a desktop encryption product. I can however
> see how I can add an option to turn on "extra secure" mode. This however
> requires that when a message is received and the message has multiple
> recipients that the message is decrypted multiple times for all
> recipients and if it cannot be decrypted for a recipient because there
> is no key for the recipient that the message is delivered encrypted. It
> also has to be clear what certificate belongs to the user. Certificates
> are ok for a recipient if the email addresses in the certificate
> match? This implies that domain encryption no longer works.
>
> What behavior would you like the gateway to have in "extra secure" mode?

Maybe explicitly distinguishing between user certificates and domain
certificates solves the problem. A domain certificate should not contain
any email address at all, is that correct?
I would simply remove all recipients from the mail that do not have a
valid certificate to decrypt the mail. Is this possible with the internal
structure of Djigzo? Does the decrypting engine know anything about
recipients?

>> I have noticed that other products refuse to decrypt messages in such a
>> scenario. I just wanted to make sure you are aware of this feature and wanted
>> to hear your opinion about it.
>
> I really appreciate your help and input. Have you also tried to see how
> they handle the case where you add an extra recipient? So, you have an
> encrypted message for user test at example.com, now you also add as an
> extra recipient test2 at example.com (to the message envelope and header).
> Is the message then decrypted for user test at example.com and for user
> test2 at example.com it's still encrypted?

In this case, [email protected] would receive the encrypted mail as a pkcs7
attachment, as he would receive without the existence of any encryption
gateway, but the subject contains a string which explains that the mail
could not be decrypted.
_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
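
The per-recipient behaviour discussed in this thread, sketched as an added example (not Djigzo code and not written by either poster). The key store model, the names `KeyEntry`, `plan_delivery` and `tag_subject`, the subject tag wording and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SUBJECT_TAG = "[could not be decrypted]"  # constructed wording, not a product string

@dataclass(frozen=True)
class KeyEntry:
    """A private key held by the gateway plus the identities in its certificate."""
    key_id: str                       # stands in for the CMS recipient identifier
    emails: frozenset = frozenset()   # addresses named in a user certificate
    domain: Optional[str] = None      # set only for a domain certificate

def plan_delivery(envelope_rcpts, message_key_ids, keystore, allow_domain_certs=False):
    """Decide per envelope recipient whether the gateway may deliver plaintext."""
    # Only keys the message was actually encrypted to can decrypt it at all.
    usable = [k for k in keystore if k.key_id in message_key_ids]
    plan = {}
    for rcpt in envelope_rcpts:
        addr = rcpt.strip().lower()
        domain = addr.rpartition("@")[2]
        # Strict mode: the certificate must name this recipient's address.
        # A domain certificate counts only when explicitly allowed.
        entitled = any(
            addr in k.emails or (allow_domain_certs and k.domain == domain)
            for k in usable
        )
        plan[rcpt] = "decrypted" if entitled else "encrypted"
    return plan

def tag_subject(subject, action):
    """Mark mail that is passed on still encrypted."""
    return f"{subject} {SUBJECT_TAG}" if action == "encrypted" else subject

# Constructed sample data: two user keys and one domain key.
KEYSTORE = [
    KeyEntry("key-test", frozenset({"test@example.com"})),
    KeyEntry("key-test2", frozenset({"test2@example.com"})),
    KeyEntry("key-domain", domain="example.com"),
]
RCPTS = ["test@example.com", "test2@example.com"]

if __name__ == "__main__":
    # Message encrypted to test's key only; test2 was added to the envelope.
    for rcpt, action in plan_delivery(RCPTS, {"key-test"}, KEYSTORE).items():
        print(rcpt, action, tag_subject("Report", action))
```

With `allow_domain_certs` left off, a message encrypted only to the domain key stays encrypted for every recipient, which is the loss of domain encryption mentioned in the quoted reply.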
