> What does a normal mail client do in this case? As far as I know,
> Outlook/Thunderbird refuses to send an encrypted mail if there is no matching
> (mail address) certificate for one of the recipients and splits the mail so every
> copy is encrypted with the certificate which matches the recipient.
> So the case of having an (internal) recipient with no private key on the gateway
> but an encrypted mail (with some other certificate from the
> gateway) should not happen besides the case "domain-encryption".

Yes, Thunderbird refuses to send or even store the mail until a certificate is configured to be used. The trick is not to encrypt the whole email several times, but to encrypt the mail once with a randomly generated passphrase and to encrypt this passphrase several times. This keeps the mail smaller in size and allows the use of hybrid encryption (asymmetric certificates and symmetric mail encryption).

Thunderbird also behaves similarly to how Djigzo does at the moment: it uses any available private key to open the mail, regardless of whether the key was configured for a different mail account than the one the mail was received with. I think this behaviour is legitimate, because one Thunderbird profile is only used by one person at a time.

> So I would vote for a switch to allow either domain-encryption or secure-mode
> with matching recipient address and private key.

I share your opinion, but maybe it is possible to use both modes at the same time by differentiating at certificate level: a domain certificate does not contain any email address, but a personal certificate does.

Kind Regards,
Manuel Faux

_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
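The two points made in the reply above, the hybrid layout (encrypt the body once under a random symmetric key, then wrap that key once per recipient certificate) and the proposal to tell domain certificates from personal ones by whether they carry an e-mail address, as an added Go example that is not part of this mailing-list thread and not Djigzo's or Thunderbird's code. The `Recipient` and `Envelope` types, the `Label` identifiers, the addresses, the `NewKey` helper and the constructed sample values are assumptions made for illustration; real S/MIME uses CMS EnvelopedData and X.509 certificates, which this sketch only mirrors in shape. What the post calls a passphrase is, in S/MIME, a random content-encryption key, which is what `Seal` generates.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)
// Recipient is a constructed stand-in for one certificate in the gateway store: a personal
// certificate carries an e-mail address, a domain certificate only a domain (the post's split).
type Recipient struct {
	Label  string // constructed identifier standing in for a CMS RecipientIdentifier
	Email  string // address of a personal certificate, "" for a domain certificate
	Domain string // domain of a domain certificate, "" for a personal certificate
	Key    *rsa.PublicKey
}
// Envelope is the body encrypted once under a random content key plus that key wrapped
// once per certificate, the hybrid layout the post describes (CMS EnvelopedData's shape).
type Envelope struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte // Recipient.Label -> RSA-OAEP-wrapped content key
}
// NewKey makes a constructed RSA key pair; a gateway would load these from certificates.
func NewKey() *rsa.PrivateKey {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // only fails on a broken entropy source
	return k
}
// KeyFor picks the certificate for one address: a matching personal certificate wins,
// else a domain certificate for the address's domain, else the send is refused.
func KeyFor(addr string, recips []Recipient) (*Recipient, error) {
	at := strings.LastIndex(addr, "@")
	for i := range recips {
		if r := &recips[i]; r.Email != "" && strings.EqualFold(r.Email, addr) {
			return r, nil
		}
	}
	for i := range recips {
		if r := &recips[i]; r.Email == "" && at > 0 && strings.EqualFold(r.Domain, addr[at+1:]) {
			return r, nil
		}
	}
	return nil, fmt.Errorf("no usable certificate for %q", addr)
}
func newGCM(cek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts body once with AES-256-GCM and wraps the content key for every selected
// certificate; a single address without a certificate aborts the whole send.
func Seal(body []byte, to []string, recips []Recipient) (*Envelope, error) {
	chosen := map[string]*rsa.PublicKey{}
	for _, addr := range to {
		r, err := KeyFor(addr, recips)
		if err != nil {
			return nil, err
		}
		chosen[r.Label] = r.Key // addresses covered by one domain cert share one wrapped key
	}
	buf := make([]byte, 32+12) // 256-bit content key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	cek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, body, nil), WrappedKeys: map[string][]byte{}}
	for label, pub := range chosen {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[label] = wrapped
	}
	return env, nil
}
// Open unwraps the content key with one private key and decrypts the body; a key that
// matches no wrapped copy fails rather than "opening anything".
func Open(env *Envelope, label string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedKeys[label]
	if !ok {
		return nil, fmt.Errorf("no wrapped content key for %q", label)
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

To drive it, build one `Recipient` per certificate from `NewKey().PublicKey`, call `Seal` with the full address list and `Open` with the private key whose label was wrapped. Two recipients covered by the same domain certificate produce a single wrapped key, so the body is still encrypted exactly once however many recipients there are; a recipient for whom neither a personal nor a domain certificate exists makes `Seal` return an error before anything is encrypted, which is the "refuse to send" behaviour the quoted message attributes to Outlook and Thunderbird.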
