Automatic PGP key extraction from incoming mail

I see your point, though I still think the feature would be useful mostly because the administrator does not currently get notified when a key is missing. (Or maybe I have missed the option for it in the documentation.) Sending an Email to the administrator with "xx(a)xx.xx sent us a signed Email but we don't have the public key" would be alright, even if it's not as comfortable as automatic downloads & imports.

Kind regards and I hope this message will get to the correct place,

mots

-----Original Message-----
From: Martijn Brinkers <martijn(a)djigzo.com>
Sent: Mon 08.09.2014 11:37
Subject: Re: Automatic PGP key extraction from incoming mail
To: users(a)lists.djigzo.com;

On 09/08/2014 10:59 AM, mots wrote:
> I've seen this feature advertised here: "On-premises email encryption
> gateway". But I can't find anything about how to enable it in the
> documentation. I've tried sending myself the public key for my hotmail
> address as pub.key and pubkey.asc, yet no key was added to Ciphermail.
>
> The key is also on the pool.sks-keyservers.net key servers, yet
> Ciphermail didn't download it automatically when I sent myself a
> signed email.

> Where can I find the documentation for this feature? The
> administration guide doesn't say anything about it.

Currently the gateway will only extract a key if the key is attached to
the email as a separate attachment with content type set to
"application/pgp-keys". For example with Enigmail you can select "Attach
My Public Key" when composing a message. This will attach your public
key as an attachment. The gateway will then extract the key.

Currently the gateway will not automatically download a key from a key
server. I'm a little anxious to add that feature since that option can
be used to DoS the gateway by sending a lot of signed messages. The
gateway will then try to download a key from an external server over and
over.

The main reason for supporting extracting attached keys is that not
all keys are stored on a key server. If someone sends a key by email
which is not on a key server, the key will end up in the mailbox of the
recipient. This recipient is likely not to be the gateway admin and does
not know what to do with it. Also in this case the admin cannot import
the public key because the key is not on a key server and the email with
the key might not be accessible by the gateway admin. Therefore in this
case it might be good to import the key (which is not enabled by
default though). Note that importing a key does not mean the key is
automatically trusted.

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

http://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

> I see your point, though I still think the feature would be useful
> mostly because the administrator does not currently get notified when
> a key is missing. (Or maybe I have missed the option for it in the
> documentation.) Sending an Email to the administrator with "xx(a)xx.xx
> sent us a signed Email but we don't have the public key" would be
> alright, even if it's not as comfortable as automatic downloads &
> imports.

Could you add a feature request for this at https://jira.djigzo.com ?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

Twitter: http://twitter.com/CipherMail
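
Added example, not part of the original thread and not CipherMail code: a Python sketch of the content-type rule described above, showing why a key sent as pub.key or pubkey.asc is passed over while an attachment declared as "application/pgp-keys" is picked up. The message, addresses, file name key.asc and key block are constructed, and the extra armor check is an assumption of this sketch.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ARMOR = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
# Constructed placeholder, not a real key: only the armor framing matters here.
FAKE_KEY = ARMOR + "\n\nmQENconstructed\n=abcd\n-----END PGP PUBLIC KEY BLOCK-----\n"


def build_sample() -> bytes:
    """Constructed message carrying the same key block three different ways."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "my public key"
    msg.set_content("Key attached.")
    # pub.key labelled as generic binary data.
    msg.add_attachment(FAKE_KEY.encode(), maintype="application",
                       subtype="octet-stream", filename="pub.key")
    # pubkey.asc labelled as plain text.
    msg.add_attachment(FAKE_KEY, subtype="plain", filename="pubkey.asc")
    # Attachment declared as application/pgp-keys.
    msg.add_attachment(FAKE_KEY.encode(), maintype="application",
                       subtype="pgp-keys", filename="key.asc")
    return msg.as_bytes()


def extract_pgp_keys(raw: bytes):
    """Return (extracted, skipped) using the content-type rule from the thread."""
    msg = message_from_bytes(raw, policy=policy.default)
    extracted, skipped = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
        name, ctype = part.get_filename(), part.get_content_type()
        if ctype == "application/pgp-keys":
            # Assumption: also require armor framing (armored keys only here).
            if ARMOR in body:
                extracted.append((name, body))
        elif ARMOR in body:
            # Key-shaped data under another type: not extracted, worth logging.
            skipped.append((name, ctype))
    return extracted, skipped


if __name__ == "__main__":
    keys, ignored = extract_pgp_keys(build_sample())
    print("extracted:", [n for n, _ in keys])
    print("ignored:", ignored)
```

The skipped list is what an administrator would want logged: key material that arrived but was not imported. As the thread notes, an extracted key is only imported, not trusted.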
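
Added example, not part of the original thread and not CipherMail code: one way to bound the work a flood of signed messages can cause, whether the action taken for an unknown key is a keyserver lookup or the administrator notification requested above. MissingKeyGate, its parameters and the sample traffic are hypothetical and constructed for illustration.

```python
import time
from collections import OrderedDict


class MissingKeyGate:
    """Decide whether signed mail from an unknown key triggers an action.

    Hypothetical helper: "action" stands for a keyserver lookup or an admin
    notification. Each key ID gets at most one action per `ttl` seconds and
    the whole gateway at most `budget` actions per `window` seconds.
    """

    def __init__(self, ttl=3600.0, budget=20, window=60.0, max_entries=10000):
        self.ttl, self.budget, self.window = ttl, budget, window
        self.max_entries = max_entries
        self._seen = OrderedDict()  # key ID -> time of last action
        self._recent = []           # times of actions inside the window

    def should_act(self, key_id, now=None):
        now = time.monotonic() if now is None else now
        key_id = key_id.upper()
        last = self._seen.get(key_id)
        if last is not None and now - last < self.ttl:
            return False  # negative cache: this key was handled recently
        self._recent = [t for t in self._recent if now - t < self.window]
        if len(self._recent) >= self.budget:
            return False  # global budget spent, e.g. many distinct key IDs
        self._recent.append(now)
        self._seen[key_id] = now
        self._seen.move_to_end(key_id)
        while len(self._seen) > self.max_entries:
            self._seen.popitem(last=False)  # bound memory under a flood
        return True


def simulate(messages, gate):
    """Count actions for a list of (arrival_time, key_id) signed messages."""
    return sum(gate.should_act(kid, now=t) for t, kid in messages)


# Constructed traffic: 500 signed mails in 50 seconds.
SAME_KEY = [(i * 0.1, "0xDEADBEEF") for i in range(500)]
DISTINCT_KEYS = [(i * 0.1, "%08X" % i) for i in range(500)]

if __name__ == "__main__":
    print("same key:", simulate(SAME_KEY, MissingKeyGate()))
    print("distinct keys:", simulate(DISTINCT_KEYS, MissingKeyGate()))
```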