[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [no subject]
歐崇明(Chung-Ming Ou, Ph.D.) 中華電信研究所8F0專案 Project 8F0 (Public Key Infrastructure & Information Security) Telecommunication Laboratories Chunghwa Telecom. Co.,Ltd. TEL: + 886 3 4245879 MO: +886 928211042 FAX: + 886 3 4244147 ----- Original Message ----- From: "Arshad Noor" <arshad.noor@strongauth.com> To: <licather@wellsfargo.com> Cc: <pki-tc@lists.oasis-open.org> Sent: Thursday, January 06, 2005 10:12 AM Subject: Re: [pki-tc] Extranet S/MIME? > Catherine, > > Encryption in S/MIME works counter-intuitively to what one expects - > the decryption of encrypted S/MIME messages does not require the > sender to have a digital certificate at all (he/she does need to > have the RECIPIENT's certificate though, to encrypt the message in > the first place). The recipient need only have the private key to > their encryption certificate to decrypt the S/MIME contents. > > If your goal is only encrypted S/MIME, then you do need to setup a > repository (typically, an LDAP directory) where the encryption cert > of the recipient is available to senders. If setting up such a > repository is not feasible, an alternate way to ensure that senders > have the recipients' encryption certificate is to have the recipients > send a digitally signed e-mail to all senders. This automatically > sends the the signers' digital certificates in the S/MIME object. > Compliant S/MIME tools - such as Netscape's Messenger, Outlook > Express, (haven't tested Thunderbird yet - but will probably work) > will automatically import the senders' digital certificates into the > local address book. > > The next time the sender wants to send the recipient an encrypted > message, the recipients' encryption cert will already be available > to them locally to perform the encryption, thus obviating the need > to access a repository for the encryption cert. > > Hope that helps. > > Arshad Noor > StrongAuth, Inc. > > licather@wellsfargo.com wrote: >> Hi All, >> >> I'm seeking expert opinions and recommendations how to support S/MIME >> communications in an extranet. Specially, decrypting an encrypted email >> from another company, i.e., the recipient needs to get hold of the >> certificate of the email author’s. Does that mean, there needs to be an >> extranet directory service to facilitate obtaining certificates? If not, >> what service needs to be setup to facilitate that? Thank you in >> advance, >> >> Catherine Li >> >> CAST PKI Development >> >> Wells Fargo Services >> >> Office: 415.243.6228 >> >> Fax: 415.975.6780 >> >> MAC: A0186-056 >> >> Email: licather@wellsfargo.com >> >> This message may contain confidential and/or privileged information. If >> you are not the addressee or authorized to receive this for the >> addressee, you must not use, copy, disclose, or take any action based on >> this message or any information herein. If you have received this >> message in error, please advise the sender immediately by reply e-mail >> and delete this message. Thank you for your cooperation. >> > > > To unsubscribe from this mailing list (and be removed from the roster of > the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/pki-tc/members/leave_workgroup.php. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]