Posted to server-dev@james.apache.org by "Noel J. Bergman" <no...@devtech.com> on 2006/01/03 23:43:05 UTC

Secure mailing list using S/MIME

We have S/MIME.  Now here is an idea I'd like to see come to fruition, if
there is someone who would like to start work on it.

Sender posts e-mail to a mailing list using the public key associated with
that mailing list.  Therefore, only the MLM, which holds the private key,
can read that e-mail.  The Secure MLM uses the public key for each
subscriber to encrypt the message, and sends it on.  Therefore, only the
valid intended recipients can read the e-mail.

Any thoughts?  Any takers?

	--- Noel


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


RE: Secure mailing list using S/MIME

Posted by Søren Hilmer <sh...@widetrail.dk>.
Hi Noel,

This is really in my ball-game, and a very interesting scenario.
Unfortunately my time is a bit sparse, after leaving my secure job and
starting as an independent consultant.

Do you know if any standard exists for such a scheme?

--Søren

-- 
Søren Hilmer, M.Sc., M.Crypt.
wideTrail            Phone: +45 25481225
Pilevænget 41        Email: sh@widetrail.dk
DK-8961  Allingåbro  Web: www.widetrail.dk

On Wed, January 4, 2006 05:11, Noel J. Bergman wrote:
> For key management, I could see something like:
>
>   - A keypair is provided to the MLM for each mailing list
>   - During the subscribe request handshake, the user would
>     sign the subscription request.
>   - The MLM would verify that the signature matches the e-mail
>     address associated with the request, sign and encrypt a
>     confirmation request, and send it to the requested address.
>   - The user would send a signed and encrypted confirmation.
>   - The MLM would subscribe the user and public key, and send
>     an encrypted confirmation.
>
> Thereafter, the sender would send encrypted and/or signed messages,
> depending upon list policy, and the list would be able to send encrypted
> messages to each user.  This would provide privacy of content and prevent
> address spoofing, both for senders and recipients.
>
> 	--- Noel


Re: Secure mailing list using S/MIME

Posted by Søren Hilmer <sh...@widetrail.dk>.
On Wed, January 4, 2006 10:27, Stefano Bagnara wrote:
> Noel J. Bergman wrote:
>> For key management, I could see something like:
>
> A more generic approach to secure email would be the following:
>
> - Every time James receives a signed message it stores the public key in a
> keystore (if not already existing).

and replacing if the certificate in the store has expired or otherwise
become invalid (e.g. placed on a CRL list)

> - Every time James sends a message it should check in the keystore to find
> out whether it contains the public key and if found encrypt the message.

If the stored certificate is still valid and not on a CRL? Otherwise the
mail should bounce with a message of that fact.
If the message is sent to multiple receivers, this is further complicated
as a decision has to be made on the bouncing/delivery rules:

a) always send mail even if it cannot be encrypted to every recipient
b) do not send to anyone if it cannot be encrypted to everyone
c) send to those we can encrypt to, bounce for the rest.

Different organisations will have opinions on this, trust me!

>
> This would add automatic "transparent" secure messaging to users signing
> their messages.
>
> One further step would be to automatically generate new certificates for
> authenticated users and automatically sign every outgoing message and
> decrypt any incoming message: this way the users would continue to use
> "plain" email but with added security.

This is exactly the way we used James in my previous position at
TietoEnator, they have ~250 customers on this solution (banks,
ministries, ...) (only the authenticated users' certificates were issued
by a CA and placed on the James server).

And while the concept is easy a lot of "business logic" quickly comes into
play. End users wish to only sometimes encrypt/sign outgoing based on
subtle rules (markings in Subject, headers, sender,...)

--Søren

>
> Stefano

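The certificate checks and the three bounce/delivery rules (a, b, c) from the message above can be modelled as follows. This is an added example, not part of the original thread and not James code; `StoredCert`, `plan_delivery`, the sample addresses and the reading of rule (a) as "send plaintext to recipients without a usable certificate" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum

class Policy(Enum):
    SEND_ANYWAY = "a"     # deliver to all; encrypt only where possible
    ALL_OR_NOTHING = "b"  # deliver to nobody unless all can be encrypted to
    PARTIAL = "c"         # encrypt where possible, bounce the rest

@dataclass(frozen=True)
class StoredCert:         # hypothetical keystore record, not a James class
    serial: str
    not_after: datetime

def cert_problem(cert, revoked, now):
    """Return None if the certificate is usable, else the bounce reason."""
    if cert is None:
        return "no certificate in keystore"
    if cert.not_after <= now:
        return "certificate expired"
    if cert.serial in revoked:
        return "certificate is on the CRL"
    return None

def plan_delivery(recipients, keystore, revoked, policy, now):
    """Split recipients into encrypted / plaintext / bounced per policy."""
    problems = {r: cert_problem(keystore.get(r.lower()), revoked, now)
                for r in recipients}
    ok = [r for r in recipients if problems[r] is None]
    bad = {r: p for r, p in problems.items() if p is not None}
    if policy is Policy.SEND_ANYWAY:
        # Assumed reading of (a): no usable key means plaintext delivery.
        return {"encrypted": ok, "plaintext": list(bad), "bounced": {}}
    if policy is Policy.ALL_OR_NOTHING and bad:
        withheld = {r: "withheld: another recipient cannot be encrypted to"
                    for r in ok}
        return {"encrypted": [], "plaintext": [], "bounced": {**withheld, **bad}}
    return {"encrypted": ok, "plaintext": [], "bounced": bad}

# Constructed sample data (addresses, serials and dates are made up).
UTC = timezone.utc
NOW = datetime(2006, 1, 4, tzinfo=UTC)
KEYSTORE = {
    "alice@example.org": StoredCert("01", datetime(2007, 1, 1, tzinfo=UTC)),
    "bob@example.org": StoredCert("02", datetime(2005, 6, 1, tzinfo=UTC)),
    "carol@example.org": StoredCert("03", datetime(2007, 1, 1, tzinfo=UTC)),
}
REVOKED = {"03"}
RCPTS = ["alice@example.org", "bob@example.org",
         "carol@example.org", "dave@example.org"]

if __name__ == "__main__":
    for policy in Policy:
        print(policy.name, plan_delivery(RCPTS, KEYSTORE, REVOKED, policy, NOW))
```

Under rule (b) the bounce map also lists the recipients who could have been encrypted to, so the sender sees that nothing was delivered and which addresses blocked it.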

Re: Secure mailing list using S/MIME

Posted by Stefano Bagnara <ap...@bago.org>.
Noel J. Bergman wrote:
> For key management, I could see something like:

A more generic approach to secure email would be the following:

- Every time James receives a signed message it stores the public key in a
keystore (if not already existing).
- Every time James sends a message it should check in the keystore to find
out whether it contains the public key and if found encrypt the message.

This would add automatic "transparent" secure messaging to users signing
their messages.

One further step would be to automatically generate new certificates for
authenticated users and automatically sign every outgoing message and
decrypt any incoming message: this way the users would continue to use
"plain" email but with added security.

Stefano


RE: Secure mailing list using S/MIME

Posted by "Noel J. Bergman" <no...@devtech.com>.
For key management, I could see something like:

  - A keypair is provided to the MLM for each mailing list
  - During the subscribe request handshake, the user would
    sign the subscription request.
  - The MLM would verify that the signature matches the e-mail
    address associated with the request, sign and encrypt a
    confirmation request, and send it to the requested address.
  - The user would send a signed and encrypted confirmation.
  - The MLM would subscribe the user and public key, and send
    an encrypted confirmation.

Thereafter, the sender would send encrypted and/or signed messages,
depending upon list policy, and the list would be able to send encrypted
messages to each user.  This would provide privacy of content and prevent
address spoofing, both for senders and recipients.

	--- Noel