[Djigzo users] Customer experience

Martijn Brinkers martijn at djigzo.com
Wed Jun 17 16:33:08 CEST 2009


Hi Dan,

Dan Banach wrote:
>    Sorry it's taken some time to respond. We deal with a wide range of
> email recipients (large companies, small offices, individuals, etc.)
> with a wide range of email encryption knowledge, so the ideal encryption
> solution for us would be very flexible. Not only flexible for outgoing
> mail, but also incoming mail as well. Some users/business' use PGP,
> others use certs and some use the various other options. Being able to
> communicate with them all is very helpful.

Right now now I'm working on Blackberry S/MIME support for BIS users 
(for BES users there is already S/MIME email). Once that is finished I 
will start working on new major features. There are some features I 
would like to start working on but I'm not sure which one that should be.

Two main new features I was thinking about are:

1. PGP support
2. Client-less email encryption

Nr 1 is clear. I will briefly explain nr 2.

Client-less

Currently Djigzo supports S/MIME and PDF encryption. Recipients that do 
not want are cannot receive S/MIME or encrypted PDFs are currently not 
supported. The new encryption functionality I would like to add is the 
following:

If an email sent to an external recipient needs to be encrypted and the 
recipient cannot receive S/MIME email of an encrypted PDF the email will 
be converted to a .html file. The original plain-text message (and 
attachments) will be encrypted with a certificate for the external 
recipient and added to the .html. The .html will be added to a general 
message (which does not contain any sensitive information) and sent to 
the recipient. The recipient opens the .html message in the email client 
(can for example be hotmail). The .html will open a SSL connection to 
the companies Djigzo server (which can be a dedicated server just for 
the portal). The Djigzo server will show a login page. The recipient now 
has to login. After the login the recipients browser will push the 
encrypted 'blob' (contained in the HTML) to the portal. The portal will 
decrypt the message with the private key of the recipient (which is 
stored on the companies Djigzo server). The recipient can now read the 
message and download any attachments (the portal uses SSL for secure 
access).
The main advantage is that the recipient only requires a browser. The 
encrypted data is stored locally on the recipients system (there is no 
long term copy on the Djigzo server). An attacker needs access to the 
locally stored .html file AND the portal password to read the message.
The message is encrypted with the same algorithm as a S/MIME message. 
The only difference is that it's encoded inside a .html file.
A disadvantage is that the Djigzo server needs to be accessible to 
external recipients.


Right now I'm leaning towards implementing feature 2 but it could be 
that you or any other Djigzo user has another preference or request for 
a feature. If so I'm all ears :)


> 
>  I
> think another great feature you could include would be to grant internal
> users the ability to manage their own decryption profiles. They should
> be able to add/create there own certs/keys and create their own
> passwords. Ideally it is tied into the directory via ldap or something
> so authentication and user information is seamless.
> 

One problem is that currently the settings for an external user are 
shared by all internal users. So, if internal user A changes settings 
for external user E internal user B will also be affected. Do you want 
the user list to be different for each internal user?
Right now you can add admins with different roles. You can add an admin 
that can add keys etc. but not change the MTA settings,



Kind regards,

Martijn



More information about the Users mailing list