prerequisite for encryption

Hi,

I had several discussions with other vendors of mail encryption gateways
and all told me that I'm wrong. But today Ciphermail did some thing I've
predicted and proved that I was right.

This is what I think, please correct me if I'm wrong:

For me s/Mime (like PGP) is a encryption system based on public and
private keys. If some one has access to the public key he can encrypt
some thing which only can be decrypted with the private key. So, when
some one sends an s/Mime signed mail to me I should be able to send a
encrypted mail to him even if I do not have a s/Mime certificate for my
e-mail address on my system.

Exactly this happened on my site with Ciphermail. I have a s/Mime
certificate for my e-mail addresses imported in Ciphermail and some one
else sent a signed mail to me. With this mail Ciphermail stored the
public key of the third party. When I mail to him Ciphermail does what I
would expect and encrypts the mails. Yesterday a other mail user of my
site which has no certificate in Ciphermail received a mail from exact
the same person and replied. The reply got encrypted by Chiphermail
despite the sender has no certificate imported to Chiphermail. This was
what I would expect to happen.

Bravo Ciphermail! And thank you Ciphermail! You proved me right!

I had a discussion with the support of an other encryption gateway and
asked them, why mail sent to me from the other site got not encrypted
despite the system recorded my signature with my public key. They told
me that the mail do not get encrypted because the *sender* does not have
a certificate imported to their system and that it is impossible to send
s/Mime encrypted mails without a certificate for the *sender*.

And now Cipher mail did exactly that.

Please tell me: Is this a misbehavior of Ciphermail and does it not
conform to the standard? I don't think so.

I think that when I use a MUA to send encrypted mail it is very
important to have a certificate installed in the MUA because this is the
only way to encrypt the mail to the recipient AND to myself so I'm also
able to read what I've sent. But when a gateway doe the work it is not
mandatory that the sender has a certificate to send an encrypted mail.

cheers
Matthias

Hi,

I had several discussions with other vendors of mail encryption gateways
and all told me that I'm wrong. But today Ciphermail did some thing I've
predicted and proved that I was right.

This is what I think, please correct me if I'm wrong:

For me s/Mime (like PGP) is a encryption system based on public and
private keys. If some one has access to the public key he can encrypt
some thing which only can be decrypted with the private key. So, when
some one sends an s/Mime signed mail to me I should be able to send a
encrypted mail to him even if I do not have a s/Mime certificate for my
e-mail address on my system.

Exactly this happened on my site with Ciphermail. I have a s/Mime
certificate for my e-mail addresses imported in Ciphermail and some one
else sent a signed mail to me. With this mail Ciphermail stored the
public key of the third party. When I mail to him Ciphermail does what I
would expect and encrypts the mails. Yesterday a other mail user of my
site which has no certificate in Ciphermail received a mail from exact
the same person and replied. The reply got encrypted by Chiphermail
despite the sender has no certificate imported to Chiphermail. This was
what I would expect to happen.

Bravo Ciphermail! And thank you Ciphermail! You proved me right!

I had a discussion with the support of an other encryption gateway and
asked them, why mail sent to me from the other site got not encrypted
despite the system recorded my signature with my public key. They told
me that the mail do not get encrypted because the *sender* does not have
a certificate imported to their system and that it is impossible to send
s/Mime encrypted mails without a certificate for the *sender*.

And now Cipher mail did exactly that.

Please tell me: Is this a misbehavior of Ciphermail and does it not
conform to the standard? I don't think so.

This is basically how S/MIME works. If someone sends an S/MIME digitally
signed message typically the certificate of the sender (and intermediate
certificate) are included with the signed message. The gateway will
extract the certificate(s) from the digitally signed mail and store the
certificate into the certificates store. If you then reply to the
message, there will be a certificate available for the recipient. The
fact that there is a certificate does not imply that the gateway will
always automatically use the certificate. The certificate will only be
used if the certificate is trusted. Basically this means that the
certificate has to be issued by an issuing chain for which your gateway
trusts the root certificate, the certificate should not be expired, not
revoked, valid for S/MIME, the email address should match and some other
checks. The certificate will be used for encryption if all the checks
indicate no failure.

To make this process smooth, it's therefore required that you add the
roots which you and your communication partners trust. In principle more
roots means a bigger chance that the certificate will be trusted.
However, adding too many roots make it also more likely that you add a
root which might not be trustworthy. For example do you need to add the
root of the Mexican Notaries? Perhaps yes if you do business in Mexico,
but no if you only do business in Germany.

S/MIME trust level is a hierarchical trust based system. You trust the
issuing CAs to validate any certificate. As long as the chain is
trustworthy the system is relatively easy to use. With PGP things work a
bit different. With PGP trust is not inferred using a top-down
hierarchy. PGP supports a web-of-trust trust model. This is however
really difficult to manage unless you really know what you are doing. In
most cases, users just fall back to a single trust model, i.e., I trust
this key or I do not trust this key. PGP is therefore not as smooth as
S/MIME in most cases because you need to explicitly trust the key.

Kind regards,

Martijn Brinkers

Zitat von Matthias Henze <lists(a)mhcsoftware.de>:

Hi,

I had several discussions with other vendors of mail encryption
gateways and all told me that I'm wrong. But today Ciphermail did
some thing I've predicted and proved that I was right.

This is what I think, please correct me if I'm wrong:

For me s/Mime (like PGP) is a encryption system based on public and
private keys. If some one has access to the public key he can
encrypt some thing which only can be decrypted with the private key.
So, when some one sends an s/Mime signed mail to me I should be able
to send a encrypted mail to him even if I do not have a s/Mime
certificate for my e-mail address on my system.

Exactly this happened on my site with Ciphermail. I have a s/Mime
certificate for my e-mail addresses imported in Ciphermail and some
one else sent a signed mail to me. With this mail Ciphermail stored
the public key of the third party. When I mail to him Ciphermail
does what I would expect and encrypts the mails. Yesterday a other
mail user of my site which has no certificate in Ciphermail received
a mail from exact the same person and replied. The reply got
encrypted by Chiphermail despite the sender has no certificate
imported to Chiphermail. This was what I would expect to happen.

Bravo Ciphermail! And thank you Ciphermail! You proved me right!

I had a discussion with the support of an other encryption gateway
and asked them, why mail sent to me from the other site got not
encrypted despite the system recorded my signature with my public
key. They told me that the mail do not get encrypted because the
*sender* does not have a certificate imported to their system and
that it is impossible to send s/Mime encrypted mails without a
certificate for the *sender*.

This is a common (mis)behavior of e-mail clients, they refuse to sent
encrypted e-mail if they are not able to store the e-mail encrypted in
the "sent" folder. This is only possible if the *sender* also has a
certificate and a private key, but this not mandated by S/MIME
standard. I guess the other party simply adapted this behavior without
rethinking if it is useful for a gateway at all.

Regards

Andreas

Oh I now see I completely misunderstood the original question As
Andreas already explained, email clients want to store the message
encrypted in the sent items folder and therefore requires that the
sender has a key. With a gateway this is not required.

Kind regards,

Martijn Brinkers

Thats what I wrote in my initial mail, MUA's only enforce this to be
able to store the mail in their sent folder and be able to make it
readable to the user.

Lets sum this up:

For sending an encrypted mail only the recipients public key is
required. In case of s/Mime, if the recipient has sent a signed mail, a
encrypted mail could be sent to him. This makes no statement about what
the recipient can do.

While typing one other thing comes to my mind. The other vendor can also
do mail archiving. When they want to archive the mail which is finally
sent, the encrypted mail, the certificate for the sender is required to
make it readable later.

I will discuss this with them and report back about the results.

cheers
Matthias

If there is a requirement to archive the email after encryption, you can
configure a "global" S/MIME additional encryption key. If an email is
encrypted with S/MIME and a global additional S/MIME encryption key is
configured, the message will also be encrypted with the additional key.
See for more information:

https://www.ciphermail.com/documents/html/administration-guide/#pf3c

Kind regards,

Martijn Brinkers