[Djigzo users] Customer experience

Dan Banach dbanach at OAMRI.com
Mon Jun 22 23:57:12 CEST 2009

I think option 1 is a desirable feature. I'm not overly impressed by the
security of option 2 (see my other post) so I'd rather see option 1.

As for my other statement about the internal users being able to manage
their encryption profiles, I meant their personal profiles. Let them
upload their own certs if they have them and enter their own passwords,
etc. I agree that the external user profiles should be managed globally.



-----Original Message-----
From: users-bounces at lists.djigzo.com
[mailto:users-bounces at lists.djigzo.com] On Behalf Of Martijn Brinkers
Sent: Wednesday, June 17, 2009 9:33 AM
To: users at lists.djigzo.com
Subject: Re: [Djigzo users] Customer experience

Hi Dan,

Dan Banach wrote:
>    Sorry it's taken some time to respond. We deal with a wide range of
> email recipients (large companies, small offices, individuals, etc.)
> with a wide range of email encryption knowledge, so the ideal
> solution for us would be very flexible. Not only flexible for outgoing
> mail, but also incoming mail as well. Some users/business' use PGP,
> others use certs and some use the various other options. Being able to
> communicate with them all is very helpful.

Right now now I'm working on Blackberry S/MIME support for BIS users 
(for BES users there is already S/MIME email). Once that is finished I 
will start working on new major features. There are some features I 
would like to start working on but I'm not sure which one that should

Two main new features I was thinking about are:

1. PGP support
2. Client-less email encryption

Nr 1 is clear. I will briefly explain nr 2.


Currently Djigzo supports S/MIME and PDF encryption. Recipients that do 
not want are cannot receive S/MIME or encrypted PDFs are currently not 
supported. The new encryption functionality I would like to add is the 

If an email sent to an external recipient needs to be encrypted and the 
recipient cannot receive S/MIME email of an encrypted PDF the email will

be converted to a .html file. The original plain-text message (and 
attachments) will be encrypted with a certificate for the external 
recipient and added to the .html. The .html will be added to a general 
message (which does not contain any sensitive information) and sent to 
the recipient. The recipient opens the .html message in the email client

(can for example be hotmail). The .html will open a SSL connection to 
the companies Djigzo server (which can be a dedicated server just for 
the portal). The Djigzo server will show a login page. The recipient now

has to login. After the login the recipients browser will push the 
encrypted 'blob' (contained in the HTML) to the portal. The portal will 
decrypt the message with the private key of the recipient (which is 
stored on the companies Djigzo server). The recipient can now read the 
message and download any attachments (the portal uses SSL for secure 
The main advantage is that the recipient only requires a browser. The 
encrypted data is stored locally on the recipients system (there is no 
long term copy on the Djigzo server). An attacker needs access to the 
locally stored .html file AND the portal password to read the message.
The message is encrypted with the same algorithm as a S/MIME message. 
The only difference is that it's encoded inside a .html file.
A disadvantage is that the Djigzo server needs to be accessible to 
external recipients.

Right now I'm leaning towards implementing feature 2 but it could be 
that you or any other Djigzo user has another preference or request for 
a feature. If so I'm all ears :)

>  I
> think another great feature you could include would be to grant
> users the ability to manage their own decryption profiles. They should
> be able to add/create there own certs/keys and create their own
> passwords. Ideally it is tied into the directory via ldap or something
> so authentication and user information is seamless.

One problem is that currently the settings for an external user are 
shared by all internal users. So, if internal user A changes settings 
for external user E internal user B will also be affected. Do you want 
the user list to be different for each internal user?
Right now you can add admins with different roles. You can add an admin 
that can add keys etc. but not change the MTA settings,

Kind regards,

Users mailing list
Users at lists.djigzo.com

More information about the Users mailing list