Zitat von Matthias Henze <lists(a)mhcsoftware.de>de>:
Hi,
I had several discussions with other vendors of mail encryption
gateways and all told me that I'm wrong. But today Ciphermail did
some thing I've predicted and proved that I was right.
This is what I think, please correct me if I'm wrong:
For me s/Mime (like PGP) is a encryption system based on public and
private keys. If some one has access to the public key he can
encrypt some thing which only can be decrypted with the private key.
So, when some one sends an s/Mime signed mail to me I should be able
to send a encrypted mail to him even if I do not have a s/Mime
certificate for my e-mail address on my system.
Exactly this happened on my site with Ciphermail. I have a s/Mime
certificate for my e-mail addresses imported in Ciphermail and some
one else sent a signed mail to me. With this mail Ciphermail stored
the public key of the third party. When I mail to him Ciphermail
does what I would expect and encrypts the mails. Yesterday a other
mail user of my site which has no certificate in Ciphermail received
a mail from exact the same person and replied. The reply got
encrypted by Chiphermail despite the sender has no certificate
imported to Chiphermail. This was what I would expect to happen.
Bravo Ciphermail! :-) And thank you Ciphermail! You proved me right!
I had a discussion with the support of an other encryption gateway
and asked them, why mail sent to me from the other site got not
encrypted despite the system recorded my signature with my public
key. They told me that the mail do not get encrypted because the
*sender* does not have a certificate imported to their system and
that it is impossible to send s/Mime encrypted mails without a
certificate for the *sender*.
This is a common (mis)behavior of e-mail clients, they refuse to sent
encrypted e-mail if they are not able to store the e-mail encrypted in
the "sent" folder. This is only possible if the *sender* also has a
certificate and a private key, but this not mandated by S/MIME
standard. I guess the other party simply adapted this behavior without
rethinking if it is useful for a gateway at all.
Regards
Andreas