Andreas Behr - Krämer IT Solutions wrote:
Not sure if I understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you
refer to the root-CA certificates?

No, not pre-populated, but self-populated. Whenever a new customer
joins the 'secure mail network' the keys should be available to
everybody without further interaction.

That would make a nice feature. "without further interaction", then how
does a user get their certificate? I would like to see a feature where a
new user gets a link by email where they can choose a password and
create the certificate. They get the cert by email in a pfx file
encrypted with the password they specified.
Or, which I think would be even better, the page on which you can create
the cert would be available to anyone who wants to send you email. I
know something like this is on the development agenda but I don't know
at what priority.

The directory discussed is meant to solve the problem of how to find the
public certificate if you would like to send someone an encrypted mail. With
Djigzo this already works if the receiver has already sent you a mail
and this mail was signed, which means the public certificate of the
intended receiver was attached. With a public "yellow-pages" directory
you can extend this by asking the directory for the public certificate
of a given mail address. It is not meant to provide private keys or
create public certificates in any way; this is what CAs are for. You
can use the built-in CA of Djigzo instead of an external CA, but this is a
completely different story.

Regards
Andreas