Quoting Martijn Brinkers <[email protected]>:
> Currently the domain certificate is only used for encrypting. For decryption the gateway works like any email client, i.e. decrypt when possible.
That's what I suspected. "Domain-encryption" is thus "enforced" by the sender as of today, because the receiving site has no way to prevent decrypting for all recipients with *any* matching private key...
> So what I'm thinking of is to add a "strict mode". In "strict mode" a recipient will only receive the message decrypted if one of the following is true:
>
> 1. the message is encrypted with a certificate with private key containing an email address that matches the email address of the recipient, or
> 2. the message is encrypted with a certificate with private key that was manually selected for the recipient, or
> 3. the message is encrypted with a certificate with private key that was manually selected for the domain of the recipient.
>
> In non-strict mode the gateway behaves like it does now, i.e. decrypt when possible.
Sounds like a sane solution to me.
> Am I missing something?
The documentation needs to be adjusted. As of now I have difficulty finding the relevant parts for "S/MIME VPN" or "domain-encryption" or whatever we will call it in future. I'm sure I have read about it somewhere but I'm not able to find it again :-(
Many Thanks

Andreas
_______________________________________________
Users mailing list
[email protected]
http://lists.djigzo.com/lists/listinfo/users
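
The three "strict mode" rules proposed in the thread, written out as a per-recipient decision function. This is an added example, not part of the original messages and not the gateway's own code; the class names, function names, thumbprints and addresses are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class GatewayKey:
    """Certificate with private key held by the gateway (hypothetical model)."""
    thumbprint: str
    emails: frozenset  # email addresses named in the certificate

@dataclass
class Policy:
    strict: bool = False
    for_recipient: dict = field(default_factory=dict)  # lowercase address -> thumbprints
    for_domain: dict = field(default_factory=dict)     # lowercase domain  -> thumbprints

def may_deliver_decrypted(recipient, usable_keys, policy):
    """usable_keys: gateway keys that can actually decrypt this message."""
    if not usable_keys:
        return False          # no matching private key: stays encrypted
    if not policy.strict:
        return True           # non-strict: decrypt when possible
    rcpt = recipient.strip().lower()
    domain = rcpt.rpartition("@")[2]
    for key in usable_keys:
        if rcpt in {e.lower() for e in key.emails}:
            return True       # rule 1: certificate contains the recipient's address
        if key.thumbprint in policy.for_recipient.get(rcpt, ()):
            return True       # rule 2: manually selected for the recipient
        if key.thumbprint in policy.for_domain.get(domain, ()):
            return True       # rule 3: manually selected for the recipient's domain
    return False

def decide(recipients, usable_keys, policy):
    """Map each envelope recipient to True (deliver decrypted) or False."""
    return {r: may_deliver_decrypted(r, usable_keys, policy) for r in recipients}

# Constructed sample data: thumbprints and addresses are placeholders.
ALICE_KEY = GatewayKey("TP-ALICE", frozenset({"alice@example.com"}))
DOMAIN_KEY = GatewayKey("TP-DOMAIN", frozenset({"gateway@example.com"}))
SELECTIONS = {"example.com": {"TP-DOMAIN"}}
RCPTS = ["alice@example.com", "Bob@example.com", "carol@example.org"]

if __name__ == "__main__":
    for strict in (False, True):
        policy = Policy(strict=strict, for_domain=SELECTIONS)
        print("strict" if strict else "non-strict")
        print("  encrypted to Alice's cert:", decide(RCPTS, [ALICE_KEY], policy))
        print("  encrypted to domain cert: ", decide(RCPTS, [DOMAIN_KEY], policy))
```

In non-strict mode every recipient gets the plaintext as soon as any gateway key fits; in strict mode a message encrypted only to Alice's certificate is delivered decrypted to Alice alone, and the domain certificate only covers recipients in the domain it was selected for.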
