Quoting Martijn Brinkers <[email protected]>:
On 02/01/2011 11:53 AM, Manuel Faux wrote:

"was never intended to" depends on how you look at it :). From my point of view it was intended that way because I implemented it that way. Djigzo is an email encryption gateway that encrypts and decrypts email at the gateway level. If you don't want email to be decrypted at the gateway level then don't put the private key on the gateway. If the private key is not available, the message cannot be decrypted.

What do you think is the benefit of this feature? Is there any "normal" situation you forward an encrypted email without reencrypting it?

Quite a lot of companies use it for domain to domain encryption. Setting up domain to domain encryption is really easy because the email is decrypted with any key it can find.

Then you should either not use a gateway encryption product or encrypt email for specific users with certificates that are not stored on the gateway (i.e., use real desktop-to-desktop encryption). A gateway encryption solution assumes that you can trust your internal infrastructure.

I think a gateway solution should not weaken the security of a desktop-to-desktop scenario, in situations it is not necessary in. I use a gateway scenario, because I want to benefit from the advantages like a centralized archive, an enforceable security policy and the transparency in front of my users. On the one hand I share your opinion, that in general you should assume to trust your internal infrastructure, but on the other hand there may be employees with different responsibilities which may not share the same trust level.

I understand your objections. Part of the reasons it was implemented this way is that it's much easier from a management perspective. The gateway tries to decrypt if possible. If this is not the required behavior it's best to use a desktop encryption product. I can however see how I can add an option to turn on "extra secure" mode. This however requires that when a message is received and the message has multiple recipients that the message is decrypted multiple times for all recipients and if it cannot be decrypted for a recipient because there is no key for the recipient that the message is delivered encrypted. It also has to be clear what certificate belongs to the user. Certificates are ok for a recipient if the email addresses in the certificate match? This implies that domain encryption no longer works. What behavior would you like the gateway to have in "extra secure" mode?

I have noticed that other products refuse to decrypt messages in such a scenario. I just wanted to make sure you are aware of this feature and wanted to hear your opinion about it.

I really appreciate your help and input. Have you also tried to see how they handle the case where you add an extra recipient? So, you have an encrypted message for user [email protected], now you also add as an extra recipient [email protected] (to the message envelope and header). Is the message then decrypted for user [email protected] and for user [email protected] it's still encrypted?

What does a normal mail client do in this case? As far as I know Outlook/Thunderbird refuses to send an encrypted mail if there is no matching (mail address) certificate for one of the recipients and splits the mail so every copy is encrypted with the certificate which matches the recipient. So the case to have an (internal) recipient with no private key on the gateway but encrypted mail (with some other certificate from the gateway) should not happen besides the case "domain-encryption".

So I would vote for a switch to allow either domain-encryption or secure-mode with matching recipient address and private-key.

Regards Andreas
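
The two gateway behaviours discussed in this thread, sketched as an added example that is not Djigzo code and not part of any message above: "domain" mode decrypts for every recipient with any key the gateway holds, while "strict" mode decrypts for a recipient only when a usable key's certificate carries that recipient's address, and otherwise delivers the copy still encrypted. `GatewayKey`, `delivery_plan`, the mode names, the key ids and the example.com addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GatewayKey:
    key_id: str                         # constructed id of a private key stored on the gateway
    cert_emails: frozenset = frozenset()  # addresses in its certificate; empty for a domain cert


def delivery_plan(envelope_rcpts, msg_key_ids, gateway_keys, mode):
    """Return {recipient: "decrypted" | "encrypted"} for one incoming message.

    msg_key_ids: ids of the keys the message was encrypted for.
    mode "domain": decrypt with any key the gateway can find.
    mode "strict": decrypt per recipient, only with a key whose
                   certificate contains that recipient's address.
    """
    if mode not in ("domain", "strict"):
        raise ValueError("unknown mode: %r" % mode)
    # Keys the gateway holds that can actually open this message.
    usable = [k for k in gateway_keys if k.key_id in msg_key_ids]
    plan = {}
    for rcpt in envelope_rcpts:
        addr = rcpt.strip().lower()
        if mode == "domain":
            allowed = bool(usable)
        else:
            allowed = any(addr in k.cert_emails for k in usable)
        # No matching key: hand the copy on without decrypting it.
        plan[addr] = "decrypted" if allowed else "encrypted"
    return plan


# Constructed sample: one personal key, one domain key, and a message
# whose envelope gained an extra recipient after encryption.
KEYS = [
    GatewayKey("k-alice", frozenset({"alice@example.com"})),
    GatewayKey("k-domain"),
]
RCPTS = ["alice@example.com", "bob@example.com"]

if __name__ == "__main__":
    for mode in ("domain", "strict"):
        print(mode, delivery_plan(RCPTS, {"k-alice"}, KEYS, mode))
        print(mode, delivery_plan(RCPTS, {"k-domain"}, KEYS, mode))
```

In strict mode the message encrypted only to the domain key stays encrypted for everyone, which is the "domain encryption no longer works" consequence raised in the thread.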
