Re: Secure mailing list using S/MIME
On Wed, January 4, 2006 10:27, Stefano Bagnara wrote: > Noel J. Bergman wrote: >> For key management, I could see something like: > > A more genereric approach to secure email would be the following: > > - Every time james receive a signed message it store the public key in a > keystore (if not already existing). and replacing if the certificate in the store has expired or otherwise become invalid (e.g. placed on a CRL list) > - Every time james send a message should check in the keystore to find > out wether it contains the public key and if found encrypt the message. If the stored certificate is still valid an not on a CRL? Otherwise the mail should bounce with a message of that fact. If the message is sent to multiple receivers, this is further complicated as a decission has to be made on the bouncing/delivery rules: a) always send mail even if it cannot be encrypted to every recipient b) do not send to anyone if it cannot be encrypted to everyone c) send to those we can encrypt to bounce for rest. Different organisations will have opinions on this, trust me! > > This would add automatic "transparent" secure messaging to users signing > their messages. > > One further step would be to automatically generate new certificates for > authenticated users and automatically sign every outgoing message and > decrypt any incoming message: this way the users would continue to use > "plain" email but with added security. This is exactly the way we used James in my previous position at TietoEnator , they have ~250 customers on this solution (banks, ministries, ...) (only the authenticated users certificates where issued by a CA and placed on the James server). And while the concept is easy a lot of "business logic" quickly comes into play. End users wish to only sometimes encrypt/sign outgoing based on subtle rules (markings in Subject, headers, sender,...) --Søren > > Stefano > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Secure mailing list using S/MIME
Noel J. Bergman wrote: > For key management, I could see something like: A more genereric approach to secure email would be the following: - Every time james receive a signed message it store the public key in a keystore (if not already existing). - Every time james send a message should check in the keystore to find out wether it contains the public key and if found encrypt the message. This would add automatic "transparent" secure messaging to users signing their messages. One further step would be to automatically generate new certificates for authenticated users and automatically sign every outgoing message and decrypt any incoming message: this way the users would continue to use "plain" email but with added security. Stefano - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Secure mailing list using S/MIME
Hi Noel, This is really in my ball-game, and a very interesting scenario. Unfortunately my time is a bit sparse, after leaving my secure job and starting as an independant consultant. Do you know if any standard exists for such a scheme? --Søren -- Søren Hilmer, M.Sc., M.Crypt. wideTrailPhone: +45 25481225 Pilevænget 41Email: [EMAIL PROTECTED] DK-8961 Allingåbro Web: www.widetrail.dk On Wed, January 4, 2006 05:11, Noel J. Bergman wrote: > For key management, I could see something like: > > - A keypair is provided to the MLM for each mailing list > - During the subscribe request handshake, the user would > sign the subscription request. > - The MLM would verify that the signature matches the e-mail > address associated with the request, sign and encrypt a > confirmation request, and send it to the requested address. > - The user would send a signed and encypted confirmation. > - The MLM would subscribe the user and public key, and send > an encrypted confirmation. > > Thereafter, the sender would send encrypted and/or signed messages, > depending upon list policy, and the list would be able to send encrypted > messages to each user. This would provide privacy of content and prevent > address spoofing, both for senders and recipients. > > --- Noel > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Secure mailing list using S/MIME
For key management, I could see something like: - A keypair is provided to the MLM for each mailing list - During the subscribe request handshake, the user would sign the subscription request. - The MLM would verify that the signature matches the e-mail address associated with the request, sign and encrypt a confirmation request, and send it to the requested address. - The user would send a signed and encypted confirmation. - The MLM would subscribe the user and public key, and send an encrypted confirmation. Thereafter, the sender would send encrypted and/or signed messages, depending upon list policy, and the list would be able to send encrypted messages to each user. This would provide privacy of content and prevent address spoofing, both for senders and recipients. --- Noel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
