[Djigzo users] Customer experience
martijn at djigzo.com
Tue Jun 2 19:24:01 CEST 2009
I'm thinking of adding the functionality Dan described to the next release:
1)User requests a certificate from the certificate request page
2)A email challenge (containing a link) is sent to users email address
3)User clicks on link in challenge and the certificate create page is opened
4)User fills in his/her details and chooses a password
5)The certificate is requested and sent to user protected with the password
The system can be configured whether the private key for the generated
certificate in step 5 should be stored or not. The main advantage of
storing the certificate is that when the user loses his/her certificate
the system administrator can resent it.
If a user does not accept or does not trust the certificates issued by
the gateway the user can always decide to use a certificate issued by
another trusted CA.
What I'm interested in is the readers view of what the ideal email
encryption system/gateway would look like. The reason I'm asking is that
part of our development agenda is based on user feedback. This helps me
making the system better.
Scott Chapman you said you didn't like the Zixit experience? What do you
not like about their approach? What features should I add to Djigzo to
make it your ideal encryption gateway?
Dan Banach wrote:
> I've always been troubled by the prospect of creating and issuing
> certs for our customers. It seems like a giant security hole in that I
> would know there passwords and actively possess there certificates.
> Would it be possible to make the CA so a client could create the cert
> without an admins intervention? For example they log onto the box with
> some passphrase we supply (we don't want everyone using our CA) and
> create and download their own cert. Maybe the certs are stored and sent
> encrypted by whatever password the client chooses?
> Just a thought.
Djigzo open source email encryption gateway www.djigzo.com
More information about the Users