Jörn,

> > The task: now we want to set up mailing lists (server side)
> > like "[EMAIL PROTECTED]" where some users of our company and
> > some from a customer should be able to write signed and
> > encrypted emails and everybody on the list should be able to
> > read it.
> >
> > The question is how should this be done? The only solution I can
> > imagine is to generate a certificate for the list and send the p12 file
> > to everybody on the list. But does it really work with all mail
> > programs, because for example: user A sends an encrypted mail to
> > [EMAIL PROTECTED] which is expanded to user B, but it's not originally
> > encrypted for B...
>
> Message senders encrypt the message with the public key of the
> mailing list. The mailing list server decrypts the message using the
> private key for the mailing list and encrypts it again individually
> for every recipient. The problematic part is the signature, I guess.
> Would it be possible to keep the original signature?
> Or does the server have to check the sender's signature and sign
> it again with its private key if the original signature is correct?
>
> The email programs would handle the encryption part nicely,
> but I fear that you cannot keep the original signature..
>
> Jörn Sierwald
No, the signature is not the (main) problem. The problem is the private keys of the users of the list. I don't think it's a good idea to have private keys of users on a central mail server. They should remain on the client computers, with password requests for every access, to make sure that nobody except the user themselves has access to the usage of their own certificates. Keep in mind that in your model even the customer needs to give us their private keys, which is hardly possible, isn't it?

Damian

-- 
GMX - The communication platform on the Internet. http://www.gmx.net
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                              [EMAIL PROTECTED]
Automated List Manager                                 [EMAIL PROTECTED]
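The flow Jörn sketches above (sender encrypts to the list's public key, the list server decrypts with the list key and re-encrypts once per member), as an added example that is not part of the thread, built from openssl(1) S/MIME commands. It shows the point his question turns on: when the sender signs first and encrypts second, the list only removes and replaces the outer envelope, so the original signature reaches every member intact and the server never has to re-sign anything. It also shows what the server actually holds: the list's private key and the members' certificates, not any member's private key. alice (sender), bob and carol (members), the example.com addresses, the self-signed certificates and the "trusted senders" roster file are assumptions of the demo; a real deployment would use CA-issued S/MIME certificates and a proper trust chain.

```shell
#!/bin/sh
# Added example, not code from the thread: a re-encrypting S/MIME list
# exploder using openssl(1). alice (sender), bob and carol (members),
# the list identity and the self-signed certificates are constructed
# for the demo; a real deployment would use CA-issued certificates.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl(1) is required" >&2; exit 1; }
WORK="${WORK:-$(mktemp -d)}"

# make_identity NAME: self-signed certificate + private key for one party
make_identity() {
    [ -f "$WORK/$1.key" ] && return 0
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.com" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: sign with the sender's own key FIRST, then encrypt the signed
# message to the list certificate only. The signature travels inside the
# envelope, so replacing the envelope later does not touch it.
sender_submit() {   # sender_submit SENDER BODYFILE -> prints path of the encrypted message
    openssl smime -sign -text -in "$2" -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out "$WORK/signed.msg"
    openssl smime -encrypt -aes256 -in "$WORK/signed.msg" -out "$WORK/to_list.msg" \
        "$WORK/list.crt"
    echo "$WORK/to_list.msg"
}

# List server: needs only the list's private key and the members' CERTIFICATES.
#  1. open the envelope with the list key
#  2. verify the inner signature against the trusted-sender roster; refuse to relay otherwise
#  3. re-encrypt the still-signed inner message once per member
list_explode() {    # list_explode ENCFILE MEMBER... -> prints one output path per member
    enc="$1"; shift
    openssl smime -decrypt -in "$enc" -recip "$WORK/list.crt" -inkey "$WORK/list.key" \
        -out "$WORK/inner.msg"
    openssl smime -verify -text -in "$WORK/inner.msg" -CAfile "$WORK/trusted_senders.pem" \
        -out /dev/null 2>/dev/null || { echo "list: sender signature invalid, dropped" >&2; return 1; }
    for m in "$@"; do
        openssl smime -encrypt -aes256 -in "$WORK/inner.msg" -out "$WORK/to_$m.msg" "$WORK/$m.crt"
        echo "$WORK/to_$m.msg"
    done
}

# Member: decrypt with own key, then verify the ORIGINAL sender's signature.
# Prints who signed; the plaintext body ends up in $WORK/MEMBER.txt.
member_read() {     # member_read MEMBER ENCFILE
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out "$WORK/$1.signed"
    openssl smime -verify -text -in "$WORK/$1.signed" -CAfile "$WORK/trusted_senders.pem" \
        -signer "$WORK/$1.signer.crt" -out "$WORK/$1.txt" 2>/dev/null
    echo "$1: signed by $(signer_cn "$WORK/$1.signer.crt")"
}

# signer_cn CERTFILE -> CN of the certificate (subject output format varies by version, hence sed)
signer_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# can_decrypt MEMBER ENCFILE: succeeds only if MEMBER's key opens ENCFILE
can_decrypt() {
    openssl smime -decrypt -in "$2" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out /dev/null 2>/dev/null
}

run_demo() {
    for who in alice list bob carol; do make_identity "$who"; done
    cp "$WORK/alice.crt" "$WORK/trusted_senders.pem"   # roster of certs the list accepts mail from
    printf 'Hello list, this is alice.\n' > "$WORK/body.txt"
    enc=$(sender_submit alice "$WORK/body.txt")
    list_explode "$enc" bob carol > "$WORK/outgoing.txt"
    for m in bob carol; do member_read "$m" "$WORK/to_$m.msg"; done
}

run_demo
```

Two caveats a practitioner should keep in mind: the list server necessarily sees the plaintext while it re-encrypts, so it is a trusted component and its list key deserves the same protection as any user key; and each member still trusts the list's roster of member certificates to decide who gets a copy. The `trusted_senders.pem` file here stands in for a real CA chain; with CA-issued certificates `-CAfile` would point at the CA. `openssl cms` accepts the same options and is the modern replacement for `openssl smime`.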