Certificate directorys

Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:

Hi everbody,

we are planing to roll out a Djigzo based box to our customers.

Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.

I do believe a central directory service is the way to go.

Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you refer
to the root-CA certificates?

So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)

If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..

Regards

Andreas

Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?

No, not pre-populated, but self-populated. Whenever a new customer joins the 'secure mail network' the keys should be available to everybody without further interaction.

If you have Java programers at hand i guess Martijn Brinkers would be glad to get the help.

Yes we doe :wink:

···

-----Ursprüngliche Nachricht-----
Von: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] Im Auftrag von lst_hoe02(a)kwsoft.de
Gesendet: Montag, 14. Dezember 2009 17:43
An: users(a)lists.djigzo.com
Betreff: Re: Certificate directorys

Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:

Hi everbody,

we are planing to roll out a Djigzo based box to our customers.

Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.

I do believe a central directory service is the way to go.

Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?

So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)

If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..

Regards

Andreas

---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
                                                                           
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer

Andreas Behr - Krämer IT Solutions wrote:

Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?
    
No, not pre-populated, but self-populated. Whenever a new customer joins the 'secure mail network' the keys should be available to everybody without further interaction.
  

That would make a nice feature. "without further interaction", then how
does a user get their certificate? I would like to see a feature where a
new user gets a link by email where they can choose a password and
create the certificate. They get the cert by email in a pfx file
encrypted with the password they specified.
Or, which I think would be even better, the page on which you can create
the cert would be available to anyone who wants to send you email. I
know something like this is on the development agenda but I don't know
at what priority.

dagdag
Christine

···

  

If you have Java programers at hand i guess Martijn Brinkers would be glad to get the help.
    
Yes we doe :wink:

-----Ursprüngliche Nachricht-----
Von: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] Im Auftrag von lst_hoe02(a)kwsoft.de
Gesendet: Montag, 14. Dezember 2009 17:43
An: users(a)lists.djigzo.com
Betreff: Re: Certificate directorys

Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:

Hi everbody,

we are planing to roll out a Djigzo based box to our customers.

Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.

I do believe a central directory service is the way to go.
    
Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?

So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)

If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..

Regards

Andreas

---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
                                                                           
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
dagdag is just a two-character rotation of byebye.

Zitat von Christine Karman <christine(a)christine.nl>:

Andreas Behr - Krämer IT Solutions wrote:

Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you
refer to the root-CA certificates?

No, not pre-populated, but self-populated. Whenever a new customer
joins the 'secure mail network' the keys should be available to
everybody without further interaction.

That would make a nice feature. "without further interaction", then how
does a user get their certificate? I would like to see a feature where a
new user gets a link by email where they can choose a password and
create the certificate. They get the cert by email in a pfx file
encrypted with the password they specified.
Or, which I think would be even better, the page on which you can create
the cert would be available to anyone who wants to send you email. I
know something like this is on the development agenda but I don't know
at what priority.

The directory discussed is meant to solve the problem how to find the
public certificate if you like to sent someone a encrypted mail. With
digjzo this already works if the receiver has already sent you a mail
and this mail was signed which means the public certificate of the
intended receiver was attached. With a public "yellow-pages" directory
you can extend this by asking the directory for the public certificate
of a give mailaddress. It is not meant to provide private keys or
create public certificates in any way, this is what CAs are for. You
can use the built-in CA of Djigzo instead of external CA but this is a
completely other story.

Regards

Andreas

Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:

Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you
refer to the root-CA certificates?

No, not pre-populated, but self-populated. Whenever a new customer
joins the 'secure mail network' the keys should be available to
everybody without further interaction.

If you have Java programers at hand i guess Martijn Brinkers would
be glad to get the help.

Yes we doe :wink:

Maybe contact him directly at support(a)djigzo.com

Regards

Andreas