> Currently the domain certificate is only used for encrypting. For > decryption the gateway works like any email client i.e, decrypt when > possible. So what I'm thinking of is to add "strict mode", In "strict > mode" a recipient will only receive the message decrypted if one of the > following is true: > > 1. the message is encrypted with a certificate with private key > containing an email address that matches the email address of the recipient. > > or, > > 2. the message is encrypted with a certificate with private key that was > manually selected for the recipient > > or, > > 3. the message is encrypted with a certificate with private key that was > manually selected for the domain of the recipient > > > On non-strict mode the gateway behaves like it does not i.e, decrypt > when possible. > > Am I missing something?
I also think this behavior sounds reasonable, but I do not understand why to differentiate between those two modes. As far as I can follow, I do not see any need for decryption with a certificate's key which does not contain the correct e-mail address nor was manually associated with the user or the domain. When thinking about your pobox-scenario, Martijn, you could manually assign the pobox certificate with your actual email address and the decryption would even work in "high-secure mode". Kind Regards, Manuel Faux _______________________________________________ Users mailing list [email protected] http://lists.djigzo.com/lists/listinfo/users
