Notes S/MIME and signed CD mails
by Volker Weber
You may remember that I was having difficulties receiving S/MIME messages signed by Notes on the BlackBerry Internet Service. This has now been resolved. BIS 2.1 can read the format that Notes creates.
While testing this we have found an interesting situation. Depending on your setup, Notes will notify you that your message is being signed, but in fact it is not delivered as an S/MIME message. In the comments to my post "Things that annoy me about Lotus Notes, part 4328" we have worked out that there are two ways to convert from Notes Rich Text to MIME. One option is to do it in the Notes client, and you will end up with the ugly HTML that was annoying me. The other option is to let the server convert from CD format to MIME, and that will render the message in decent HTML code. Now we have determined that this second option strips you of your ability to clear-sign your messages with your X.509 private key.
Actually this is not even surprising, since the message travels to the server and is converted to MIME there. As the server does not have your private key, it cannot sign this MIME-encoded message. The status notification in Notes says the message is being signed. This information is correct, but at the same time completely useless, since the message is signed with your Notes private key, and that signature is then stripped at the server when the message is converted to MIME.
Tags: lotus notes s/mime signed x.509
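Because the client's "being signed" notification says nothing about what is finally delivered, the reliable check is to inspect the MIME structure of the message as received. The following is an added example, not code from the original post: it classifies a delivered message by structure only and does not verify the signature cryptographically. The function name and both sample messages are constructed for illustration.

```python
from email import message_from_string

# S/MIME media types (RFC 8551); some clients still emit the older "x-" forms.
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENVELOPE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_signature_state(raw):
    """Return 'clear-signed', 'opaque-signed', 'enveloped' or 'unsigned'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        protocol = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        # Clear-signing: exactly two parts, content plus detached signature.
        if (protocol in SIG_TYPES and isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "clear-signed"
    elif ctype in ENVELOPE_TYPES:
        # signed-data wraps content and signature; anything else is encrypted.
        kind = str(msg.get_param("smime-type") or "").lower()
        return "opaque-signed" if kind == "signed-data" else "enveloped"
    return "unsigned"

# Constructed sample of a delivered clear-signed message; the base64 is a placeholder.
SIGNED = """\
From: alice@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

# Constructed sample: a message converted to MIME on the server, no signature part.
CONVERTED = ("From: alice@example.com\nMIME-Version: 1.0\n"
             "Content-Type: text/html\n\n<p>hello</p>\n")

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("converted", CONVERTED)):
        print(name, "->", smime_signature_state(raw))
```

Running it against a test message sent to an external mailbox shows at a glance which of the two conversion paths the message took.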
Comments
There is another option: You can have the server sign mail on behalf of you. We have a product which signs messages on the server and also encrypts in- and outgoing messages there: BCC_MailProtect powered by Cerberus.
This is the reason why Domino 7 has the policy option to add a disclaimer on the Notes client side (regardless if it works or not) instead of enforcing it at server side. The latter would break the encryption.
To balance the advertisement of products (done in other comments)
Of course there are products on the market. Group technologies has IQ.Suite (IQ.Crypt), BCC was already advertised.
Christian, wouldn't you think it is up to me to "balance advertisement"? Where do you want me to send the invoice?