Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:
Hi everbody,
we are planing to roll out a Djigzo based box to our customers.
Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.
I do believe a central directory service is the way to go.
Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you refer
to the root-CA certificates?
So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)
If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..
Regards
Andreas
Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?
No, not pre-populated, but self-populated. Whenever a new customer joins the 'secure mail network' the keys should be available to everybody without further interaction.
If you have Java programers at hand i guess Martijn Brinkers would be glad to get the help.
Yes we doe
···
-----Ursprüngliche Nachricht-----
Von: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] Im Auftrag von lst_hoe02(a)kwsoft.de
Gesendet: Montag, 14. Dezember 2009 17:43
An: users(a)lists.djigzo.com
Betreff: Re: Certificate directorys
Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:
Hi everbody,
we are planing to roll out a Djigzo based box to our customers.
Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.
I do believe a central directory service is the way to go.
Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?
So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)
If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..
Regards
Andreas
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
Andreas Behr - Krämer IT Solutions wrote:
Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?
No, not pre-populated, but self-populated. Whenever a new customer joins the 'secure mail network' the keys should be available to everybody without further interaction.
That would make a nice feature. "without further interaction", then how
does a user get their certificate? I would like to see a feature where a
new user gets a link by email where they can choose a password and
create the certificate. They get the cert by email in a pfx file
encrypted with the password they specified.
Or, which I think would be even better, the page on which you can create
the cert would be available to anyone who wants to send you email. I
know something like this is on the development agenda but I don't know
at what priority.
dagdag
Christine
···
If you have Java programers at hand i guess Martijn Brinkers would be glad to get the help.
Yes we doe
-----Ursprüngliche Nachricht-----
Von: users-bounces(a)lists.djigzo.com [mailto:users-bounces(a)lists.djigzo.com] Im Auftrag von lst_hoe02(a)kwsoft.de
Gesendet: Montag, 14. Dezember 2009 17:43
An: users(a)lists.djigzo.com
Betreff: Re: Certificate directorys
Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:
Hi everbody,
we are planing to roll out a Djigzo based box to our customers.
Since we do not want to go to all boxes and add certs whenever a new
customer buys the box we are looking into a way to distribute the
certs.
I do believe a central directory service is the way to go.
Not sure if i understand correctly. Your customers need a box with "pre-populated" external public S/MIME certificates, or do you refer to the root-CA certificates?
So we are willing to contribute to building such a system. (Since we
would build one for our customers anyways)
If you have Java programers at hand i guess Martijn Brinkers would be
glad to get the help..
Regards
Andreas
---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer
_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users
--
dagdag is just a two-character rotation of byebye.
Zitat von Christine Karman <christine(a)christine.nl>:
Andreas Behr - Krämer IT Solutions wrote:
Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you
refer to the root-CA certificates?
No, not pre-populated, but self-populated. Whenever a new customer
joins the 'secure mail network' the keys should be available to
everybody without further interaction.
That would make a nice feature. "without further interaction", then how
does a user get their certificate? I would like to see a feature where a
new user gets a link by email where they can choose a password and
create the certificate. They get the cert by email in a pfx file
encrypted with the password they specified.
Or, which I think would be even better, the page on which you can create
the cert would be available to anyone who wants to send you email. I
know something like this is on the development agenda but I don't know
at what priority.
The directory discussed is meant to solve the problem how to find the
public certificate if you like to sent someone a encrypted mail. With
digjzo this already works if the receiver has already sent you a mail
and this mail was signed which means the public certificate of the
intended receiver was attached. With a public "yellow-pages" directory
you can extend this by asking the directory for the public certificate
of a give mailaddress. It is not meant to provide private keys or
create public certificates in any way, this is what CAs are for. You
can use the built-in CA of Djigzo instead of external CA but this is a
completely other story.
Regards
Andreas
Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:
Not sure if i understand correctly. Your customers need a box with
"pre-populated" external public S/MIME certificates, or do you
refer to the root-CA certificates?
No, not pre-populated, but self-populated. Whenever a new customer
joins the 'secure mail network' the keys should be available to
everybody without further interaction.
If you have Java programers at hand i guess Martijn Brinkers would
be glad to get the help.
Yes we doe
Maybe contact him directly at support(a)djigzo.com
Regards
Andreas