Checking the signature on receipt.

Now I have again a fundamental question. Is it true that the gateway does not
perform any signature verification on receipt?

Zitat von matthiasdort <room_djigzousermaillist(a)dotronik.net>:

Now I have again a fundamental question. Is it true that the gateway does not
perform any signature verification on receipt?

No, it does indeed perform verification and add some header about it's
findings:

X-Djigzo-Info-Signer-ID-0-0: CN=StartCom Class 3 Primary Intermediate Client
  CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL/8A/
X-Djigzo-Info-Signer-Verified-0-0: True
X-Djigzo-Info-Signer-Trusted-0-0: True

It also adds the extracted sender certificate to the database so it
may be used later for encrypting mail send to that sender address.

Regards

Andreas

Do Nov 03 2011 15:14:59 CET von "lst_hoe02" <lst_hoe02(a)kwsoft.de>
Betreff: Re: Checking the signature on receipt.

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

  (, 0 bytes) Herunterladen

Thank you for your detailed explanation. Now I understand it.

Still I would suggest to create the possibility that the gateway, if
provided in the settings, create an additional mail about the process,
analogous to the notification of the encryption.

Kind regards

Matthias

attachment.bat (686 Bytes)

attachment.bat (686 Bytes)

attachment.bat (686 Bytes)

Re_DjigzousersSecurityoftheX-Djigzo-Info-headers.eml|attachment (4 Bytes)

Re_DjigzousersSecurityoftheX-Djigzo-Info-headers.eml|attachment (4 Bytes)

Re_DjigzousersSecurityoftheX-Djigzo-Info-headers.eml|attachment (4 Bytes)

Zitat von matthiasdort <room_djigzousermaillist(a)dotronik.net>:

Thank you for your detailed explanation. Now I understand it.

Still I would suggest to create the possibility that the gateway, if
provided in the settings, create an additional mail about the process,
analogous to the notification of the encryption.

There is something related in the queue
(https://jira.djigzo.com/browse/GATEWAY-36). But the problem remain
how to teach the users to care about your way of notify that the
message was signed/encrypted.

Regards

Andreas

Fr Nov 04 2011 11:33:13 CET von "lst_hoe02" <lst_hoe02(a)kwsoft.de>
Betreff: Re: Checking the signature on receipt.

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

  (, 0 bytes) Herunterladen

Yes, you're right, why should you also can turn the Notify per user on, or
not.

   �

   Fr Nov 04 2011 11:33:13 CET von "lst_hoe02" <lst_hoe02(a)kwsoft.de>

attachment.bat (578 Bytes)

Re_DjigzousersSecurityoftheX-Djigzo-Info-headers.eml|attachment (4 Bytes)

I personally prefer that some keyword is added to the subject and not
sending an extra email when the message was signed and or encrypted. One
of the main advantages of adding something to the subject (for example
[encrypted][signed]) is that the information becomes part of the email.
If you use a separate email, you need to look which notification email
belongs to which email. An added benefit of adding a keyword to the
subject is that if you use the DLP functionality, you can add an
"enforce encryption" rule which is triggered when the subject contains
the encrypted keyword. This way, you can enforce that email which was
encrypted when received, *must be* encrypted when you reply.

Kind regards,

Martijn Brinkers