> Thunderbird also behaves similar as Djigzo does at the moment: Is uses any > available private key to open the mail, regardless if the key was configured > for another mail account than the mail was received with. I think this > behavior > is legitimate, because one Thunderbird profile is only used by one person at > one > time.
As far as I know all email clients work like this. They use any private key available for decryption. > >> So i would vote for a switch to allow either domain-encryption or secure-mode >> with matching recipient address and private-key. > > I share your opinion, but maybe it is possible to use both modes at the same > time, > by differentiating at certificate level: A domain certificate does not contain > any email address, but a personal certificate does. Strictly speaking there is no RFC yet (I think) that defines what a domain certificate should look like. There should therefore be some way to differentiate a domain certificate from a non-domain certificate. Right now only the sender specifies which certificate the receiver is using as a domain certificate. With the strict mode, the receiver should also specify which certificate is used as a domain certificate. Kind regards, Martijn -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
