On 03/25/2016 02:36 PM, lst_hoe02(a)kwsoft.de wrote:
Quoting Matthias Henze <lists(a)mhcsoftware.de>:
Hi,
I had several discussions with other vendors of mail encryption
gateways and all told me that I'm wrong. But today Ciphermail did
something I've predicted and proved that I was right.
This is what I think, please correct me if I'm wrong:
For me S/MIME (like PGP) is an encryption system based on public and
private keys. If someone has access to the public key he can encrypt
something which can only be decrypted with the private key. So, when
someone sends an S/MIME signed mail to me I should be able to send an
encrypted mail to him even if I do not have an S/MIME certificate for
my e-mail address on my system.
Exactly this happened on my site with Ciphermail. I have an S/MIME
certificate for my e-mail addresses imported in Ciphermail and someone
else sent a signed mail to me. With this mail Ciphermail stored
the public key of the third party. When I mail to him Ciphermail does
what I would expect and encrypts the mails. Yesterday another mail
user of my site who has no certificate in Ciphermail received a mail
from exactly the same person and replied. The reply got encrypted by
Ciphermail despite the sender having no certificate imported to
Ciphermail. This was what I would expect to happen.
Bravo Ciphermail! :-) And thank you Ciphermail! You proved me right!
I had a discussion with the support of another encryption gateway and
asked them why mail sent to me from the other site was not encrypted
despite the system having recorded my signature with my public key. They told
me that the mail does not get encrypted because the *sender* does not
have a certificate imported to their system and that it is impossible
to send S/MIME encrypted mails without a certificate for the *sender*.
This is a common (mis)behavior of e-mail clients: they refuse to send
encrypted e-mail if they are not able to store the e-mail encrypted in
the "sent" folder. This is only possible if the *sender* also has a
certificate and a private key, but this is not mandated by the S/MIME standard.
I guess the other party simply adopted this behavior without rethinking
whether it is useful for a gateway at all.
Oh, I now see I completely misunderstood the original question :) As
Andreas already explained, email clients want to store the message
encrypted in the sent items folder and therefore require that the
sender has a key. With a gateway this is not required.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
https://www.ciphermail.com
Twitter:
http://twitter.com/CipherMail
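
The behaviour discussed in this thread, as an added example that is not part of the original messages: S/MIME encryption needs only the recipient's certificate, and a sender certificate matters only when the sender must also be able to read the stored copy. It uses the `openssl smime` command; the addresses, file names and helper functions are constructed for the demo, and the mail-client case is modelled by adding the sender's certificate as a second recipient.

```shell
#!/bin/sh
# Added demo: S/MIME encryption uses only the recipient's certificate.
# Addresses, file names and helper names are constructed for this example.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed certificate plus private key for one address.
make_identity() {  # $1 = file prefix, $2 = e-mail address
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Encrypt stdin to the listed certificates; no sender key is involved.
encrypt_to() {  # $1 = output file, remaining args = recipient certificates
    out=$1; shift
    openssl smime -encrypt -binary -aes256 -out "$out" "$@"
}

# Decrypt as one identity; fails if it is not among the recipients.
decrypt_as() {  # $1 = identity prefix, $2 = encrypted file
    openssl smime -decrypt -in "$2" \
        -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

make_identity rcpt recipient@example.test
make_identity sender sender@example.test
MSG='Reply from a user who has no certificate on the gateway'

# Gateway behaviour: encrypt to the recipient only.
printf '%s\n' "$MSG" | encrypt_to "$WORK/gateway.p7m" "$WORK/rcpt.crt"
# Mail-client behaviour (assumed model): also encrypt to the sender so the
# copy in the "sent" folder stays readable, which needs a sender certificate.
printf '%s\n' "$MSG" | encrypt_to "$WORK/client.p7m" \
    "$WORK/rcpt.crt" "$WORK/sender.crt"

echo "gateway copy as recipient: $(decrypt_as rcpt "$WORK/gateway.p7m")"
decrypt_as sender "$WORK/gateway.p7m" >/dev/null ||
    echo "gateway copy as sender: cannot decrypt"
echo "client copy as sender: $(decrypt_as sender "$WORK/client.p7m")"
```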