[Djigzo users] Customer experience
martijn at djigzo.com
Wed Jun 17 16:33:08 CEST 2009
Dan Banach wrote:
> Sorry it's taken some time to respond. We deal with a wide range of
> email recipients (large companies, small offices, individuals, etc.)
> with a wide range of email encryption knowledge, so the ideal encryption
> solution for us would be very flexible. Not only flexible for outgoing
> mail, but also incoming mail as well. Some users/business' use PGP,
> others use certs and some use the various other options. Being able to
> communicate with them all is very helpful.
Right now now I'm working on Blackberry S/MIME support for BIS users
(for BES users there is already S/MIME email). Once that is finished I
will start working on new major features. There are some features I
would like to start working on but I'm not sure which one that should be.
Two main new features I was thinking about are:
1. PGP support
2. Client-less email encryption
Nr 1 is clear. I will briefly explain nr 2.
Currently Djigzo supports S/MIME and PDF encryption. Recipients that do
not want are cannot receive S/MIME or encrypted PDFs are currently not
supported. The new encryption functionality I would like to add is the
If an email sent to an external recipient needs to be encrypted and the
recipient cannot receive S/MIME email of an encrypted PDF the email will
be converted to a .html file. The original plain-text message (and
attachments) will be encrypted with a certificate for the external
recipient and added to the .html. The .html will be added to a general
message (which does not contain any sensitive information) and sent to
the recipient. The recipient opens the .html message in the email client
(can for example be hotmail). The .html will open a SSL connection to
the companies Djigzo server (which can be a dedicated server just for
the portal). The Djigzo server will show a login page. The recipient now
has to login. After the login the recipients browser will push the
encrypted 'blob' (contained in the HTML) to the portal. The portal will
decrypt the message with the private key of the recipient (which is
stored on the companies Djigzo server). The recipient can now read the
message and download any attachments (the portal uses SSL for secure
The main advantage is that the recipient only requires a browser. The
encrypted data is stored locally on the recipients system (there is no
long term copy on the Djigzo server). An attacker needs access to the
locally stored .html file AND the portal password to read the message.
The message is encrypted with the same algorithm as a S/MIME message.
The only difference is that it's encoded inside a .html file.
A disadvantage is that the Djigzo server needs to be accessible to
Right now I'm leaning towards implementing feature 2 but it could be
that you or any other Djigzo user has another preference or request for
a feature. If so I'm all ears :)
> think another great feature you could include would be to grant internal
> users the ability to manage their own decryption profiles. They should
> be able to add/create there own certs/keys and create their own
> passwords. Ideally it is tied into the directory via ldap or something
> so authentication and user information is seamless.
One problem is that currently the settings for an external user are
shared by all internal users. So, if internal user A changes settings
for external user E internal user B will also be affected. Do you want
the user list to be different for each internal user?
Right now you can add admins with different roles. You can add an admin
that can add keys etc. but not change the MTA settings,
More information about the Users