On 02/01/2011 12:36 PM, Manuel Faux wrote: >> "was never intended to" depends on how you look at it :). From my >> point of view it was intended that way because I implemented it that way. >> Djigzo is an email encryption gateway that encrypts and decrypts email >> at the gateway level. If you don't want email to be decrypted at the >> gateway level than don't put the private key on the gateway. If the >> private key is not available, the message cannot be decrypted. > > What do you think is the benefit of this feature? Is there any "normal" > situation you forward an encrypted email without reencrypting it?
I was just thinking of the following situation which actually happens in my case. I still use a very old email address I have already for a long time ([email protected]). Pobox is only a forwarding service so email sent to my Pobox account is forwarded to my Djigzo email address. When someone sends encrypted email to my Pobox account using an email client it will be encrypted with the certificate for the Pobox email address. The email however will be forwarded to my Djigzo address. The gateway can decrypt the message because the gateway contains the private key of the Pobox account. When strict mode will be enabled, the gateway will refuse to decrypt the message because there will be a mismatch between recipient email address and certificate email address. Whether or not this is a good think (not in my case) it of course up to the gateway admin. Kind regards, Martijn Brinkers -- Djigzo open source email encryption
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
smime.p7s
Description: S/MIME Cryptographic Signature
