RE: [suse-security] Encrypt E-Mails without human-agreement
  • From: "Reckhard, Tobias" <tobias.reckhard@xxxxxxxxxxx>
  • Date: Fri, 16 Aug 2002 07:59:29 +0200
  • Message-id: <96C102324EF9D411A49500306E06C8D1019893E3@xxxxxxxxxxxxxxxxx>

I'm not sure I understood your mail entirely, but here goes. I believe you
want to perform encryption and authentication of mail going out from your
mail server to all recipients and see the problem that all those recipients
or one or several PKIs/Trust Centres need to provide you with a PGP public
key or X.509 certificate (or a different form of public key), asking if
there's a way to avoid that.

Short answer: No, there isn't.

Longer answer:

If you want to encrypt data so that only the true recipient can decode it
(or want to be able to verify the authenticity on the basis of individual
senders), you need to use asymmetric encryption with the public key that
only she knows/possesses the corresponding private key for. For that
requirement to be fulfilled, she (or a trusted 3rd party such as a trust
centre) needs to have created the keypair.

Actually, trust centres and PKIs make the game much more practically
feasible than the web of trust, because you have to access only a few
well-known certificate directories and (manually) place trust in only a few
(root) certificates.

Another possibility would be for you to be your own PKI, to have people
enroll public keys to you and you'd somehow verify and sign them. You could
create the keypairs yourself, too, but I wouldn't appreciate that if I was a
recipient, I'd prefer to create my own keypair.
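
The "be your own PKI" option from the message above, sketched with the openssl command-line tool as an added example that is not part of the original mail: the recipient creates her own keypair and enrolls only a request, the CA signs it, and the sender encrypts to a certificate only if it chains to that CA. The CA name, alice, mallory and the message text are constructed, and the script assumes openssl is installed with its default configuration.

```shell
# Added example; the CA name, alice, mallory and the message are constructed.
q() { "$@" >/dev/null 2>&1; }          # run quietly, keep the exit status

# Own PKI: a self-signed root whose private key stays with you.
make_ca() {
    q openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout ca.key -out ca.crt -subj "/CN=Example Mail CA"
}
# Recipient: she creates her own keypair; only the request ($1.csr) is enrolled.
make_request() {                       # $1 = name
    q openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$1"
}
# CA: check the request's self-signature (requester holds the private key),
# then sign it. Verifying who the requester is happens outside this script.
sign_request() {                       # $1 = name
    q openssl req -in "$1.csr" -verify -noout &&
    q openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 30 -out "$1.crt"
}
# Sender: encrypt only to a certificate that chains to the trusted root.
encrypt_for() {                        # $1 = certificate, stdin = message
    q openssl verify -CAfile ca.crt "$1" </dev/null &&
    openssl smime -encrypt -aes256 -binary "$1"
}
# Recipient: decrypt with a private key.
decrypt_with() {                       # $1 = private key, stdin = S/MIME
    openssl smime -decrypt -inkey "$1" 2>/dev/null
}
demo() (
    msg='constructed test message'
    cd "$(mktemp -d)" || exit 1
    make_ca && make_request alice && sign_request alice || exit 1
    make_request mallory || exit 1     # a keypair belonging to someone else
    sealed=$(printf '%s\n' "$msg" | encrypt_for alice.crt) || exit 1
    [ "$(printf '%s\n' "$sealed" | decrypt_with alice.key)" = "$msg" ] || exit 1
    [ "$(printf '%s\n' "$sealed" | decrypt_with mallory.key)" != "$msg" ]
)
demo && echo "alice.key recovers the message, mallory.key does not"
```

Without alice.crt, the sender has nothing to encrypt to, which is the point of the short answer above.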


