Thunderbird and other clients are ok. I was looking if I could enable this
on the webmail side as it is very good.
Using S/MIME in webmail is a bit "unsecure", or at least difficult to
implement.
The idea behind S/MIME is that you have your private key under personal
control.
There are two possible ways to implement it:
1. Store the private S/MIME certificates on the server, ask the users for
the private key/passphrase when needed and decrypt/sign the mails on the
server.
This is what, for example, Horde/IMP does.
That way you will have to trust your server (+operator), since they can
intercept your passphrase and then your certificate is no longer really
yours.
Also the decrypted mails are probably in some temp files on the server
(or at least in the server's memory).
2. Use some sort of native component which decrypts/signs the mails on
the client computer.
This is what MS chose for Exchange.
When you use S/MIME in Exchange webmail, you have to install the
(probably Windows-only) S/MIME plugin/addon.
The webserver then delivers your private certificate and your local
machine asks for the passphrase for decrypting/signing the mails and
then does this locally.
That way the server never has access to your passphrase.
André
--
https://inverse.ca/sogo/lists