Is anybody out there who has used the SMIME or even PGP functionality?
It seems the MEG 7 makes the following security issues available:
- SMIME encryption using domain certs only; no possibility to address SMIME end-to-end using personal certificates
- SMIME decryption using a single domain cert/machine SMIME cert/key
The same handling with PGP.
The Encryption and Decryption Options are referenced by Email Policies. There you can split outbound and inbound traffic
by assigning appropriate functions to the corresponding functionalities.
Signing is possible to detect, but the MEG cannot produce signedData.
Here are my questions:
- I cannot see any Email Policy about decryption. It is unclear to me whether the Compliance -> Signed rules touch this issue.
- Encryption seems to include envelope addresses; the messages to remote domains come without any MUA headers visible
for the receiving MUA. Any hint for this behaviour?
- I would like to set up rules as conditionals consisting of mail addresses to decide whether or not to use encryption. If I can only implement a
single domain certificate, I would like to control the usage of this to a selected group of env-to addresses. Where can I do this?
It would be great to get some information and experiences about these issues.
Best Regards, Uwe