On 03/25/2016 01:28 PM, Matthias Henze wrote: > Hi, > > I had several discussions with other vendors of mail encryption gateways > and all told me that I'm wrong. But today Ciphermail did some thing I've > predicted and proved that I was right. > > This is what I think, please correct me if I'm wrong: > > For me s/Mime (like PGP) is a encryption system based on public and > private keys. If some one has access to the public key he can encrypt > some thing which only can be decrypted with the private key. So, when > some one sends an s/Mime signed mail to me I should be able to send a > encrypted mail to him even if I do not have a s/Mime certificate for my > e-mail address on my system. > > Exactly this happened on my site with Ciphermail. I have a s/Mime > certificate for my e-mail addresses imported in Ciphermail and some one > else sent a signed mail to me. With this mail Ciphermail stored the > public key of the third party. When I mail to him Ciphermail does what I > would expect and encrypts the mails. Yesterday a other mail user of my > site which has no certificate in Ciphermail received a mail from exact > the same person and replied. The reply got encrypted by Chiphermail > despite the sender has no certificate imported to Chiphermail. This was > what I would expect to happen. > > Bravo Ciphermail! :-) And thank you Ciphermail! You proved me right! > > I had a discussion with the support of an other encryption gateway and > asked them, why mail sent to me from the other site got not encrypted > despite the system recorded my signature with my public key. They told > me that the mail do not get encrypted because the *sender* does not have > a certificate imported to their system and that it is impossible to send > s/Mime encrypted mails without a certificate for the *sender*. > > And now Cipher mail did exactly that. > > Please tell me: Is this a misbehavior of Ciphermail and does it not > conform to the standard? I don't think so.
This is basically how S/MIME works. If someone sends an S/MIME digitally signed message typically the certificate of the sender (and intermediate certificate) are included with the signed message. The gateway will extract the certificate(s) from the digitally signed mail and store the certificate into the certificates store. If you then reply to the message, there will be a certificate available for the recipient. The fact that there is a certificate does not imply that the gateway will always automatically use the certificate. The certificate will only be used if the certificate is trusted. Basically this means that the certificate has to be issued by an issuing chain for which your gateway trusts the root certificate, the certificate should not be expired, not revoked, valid for S/MIME, the email address should match and some other checks. The certificate will be used for encryption if all the checks indicate no failure. To make this process smooth, it's therefore required that you add the roots which you and your communication partners trust. In principle more roots means a bigger chance that the certificate will be trusted. However, adding too many roots make it also more likely that you add a root which might not be trustworthy. For example do you need to add the root of the Mexican Notaries? Perhaps yes if you do business in Mexico, but no if you only do business in Germany. S/MIME trust level is a hierarchical trust based system. You trust the issuing CAs to validate any certificate. As long as the chain is trustworthy the system is relatively easy to use. With PGP things work a bit different. With PGP trust is not inferred using a top-down hierarchy. PGP supports a web-of-trust trust model. This is however really difficult to manage unless you really know what you are doing. In most cases, users just fall back to a single trust model, i.e., I trust this key or I do not trust this key. PGP is therefore not as smooth as S/MIME in most cases because you need to explicitly trust the key. Kind regards, Martijn Brinkers > I think that when I use a MUA to send encrypted mail it is very > important to have a certificate installed in the MUA because this is the > only way to encrypt the mail to the recipient AND to myself so I'm also > able to read what I've sent. But when a gateway doe the work it is not > mandatory that the sender has a certificate to send an encrypted mail. -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.djigzo.com/lists/listinfo/users
