Quoting Stefan Michael Guenther <[email protected]>:

> Hello,
>
> let's think of the following scenario:
>
> Our client has 5 employees and uses Djigzo
>
> E1, E2, E3, E4, E5
>
> His business contact has 5 employees, too, but doesn't use an
> encryption gateway (encryption is performed by the email client):
>
> e1, e2, e3, e4, e5
>
> E1 exchanges emails with e1, e3, e5
> E2 exchanges emails with e1, e2, e3
> E3 exchanges emails with e2, e3, e5
> and so on.
>
> Is it really necessary that the IT admin on the other side runs
> around and distributes all required user certificates?
> Or is it possible to have a wildcard domain certificate, which only
> has to be installed once? The web interface accepts "*@abc.com" as
> an "email address".
>
> The problem in our real world scenario is that our client has 250
> employees and the other side is a governmental organization with
> some 3000+ employees.
> Therefore, running around and distributing certificates would only
> be an option for marathon runners. ;-))

While there are wildcard or domain certificates available and Djigzo can handle them fine, you are in trouble when using these certificates with non-gatewayed clients, because as far as I know every mail client checks the e-mail address listed in the certificate against the mail-from header. Wildcard certificates are really useful if negotiated with a remote side that also uses a gateway, but otherwise the recipients will get warnings about non-matching addresses.

What might be a solution is to sign all outgoing mail so the recipients get the certificates automatically. But if you want encryption, the remote mail clients must also have their own certificate/private key to encrypt the local copy of the mail.

Regards

Andreas
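
Added example, not part of the original thread and not Djigzo code: a sketch of the address check a non-gatewayed mail client applies to a signed message, showing why a per-user certificate passes while a domain certificate carrying `*@...` triggers the mismatch warning. The function names, the sample message and the `client.example` addresses are constructed, and the comparison rule (local part exact, domain case-insensitive, no wildcard expansion) is an assumption about client behaviour.

```python
from email import message_from_string
from email.utils import getaddresses


def _normalize(addr):
    # Assumption: local part is compared exactly, domain case-insensitively.
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()


def sender_addresses(raw_message):
    """Collect the addresses from the From and Sender headers."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    return {_normalize(a) for _, a in getaddresses(headers) if "@" in a}


def check_signer(raw_message, cert_addresses):
    """Return 'ok' if a sender address equals an address in the signer
    certificate, otherwise 'address-mismatch' (what the user sees as a warning).

    The comparison is literal: '*' in a certificate address is just a
    character here, not a wildcard, which is the situation described
    for clients that do not sit behind a gateway.
    """
    cert = {_normalize(a) for a in cert_addresses}
    return "ok" if sender_addresses(raw_message) & cert else "address-mismatch"


# Constructed sample: a signed message from employee E1 of the gateway side.
SAMPLE_MESSAGE = (
    "From: Employee One <E1@Client.Example>\n"
    "To: e1@agency.example\n"
    "Subject: signed test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    # Per-user certificate: address matches the From header.
    print(check_signer(SAMPLE_MESSAGE, ["E1@client.example"]))
    # Domain certificate: '*@client.example' never equals a real sender.
    print(check_signer(SAMPLE_MESSAGE, ["*@client.example"]))
```
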
