Notes S/MIME and signed CD mails

by Volker Weber

You may remember that I was having difficulties receiving S/MIME messages signed by Notes on the BlackBerry Internet Service. This has now been resolved. BIS 2.1 can read the format that Notes creates.

While testing this we have found an interesting situation. Depending on your setup, Notes will notify you that your message is being signed, but in fact it is not delivered as an S/MIME message. In the comments to my post "Things that annoy me about Lotus Notes, part 4328" we have worked out that there are two ways to convert from Notes Rich Text to MIME: one option is to do it in the Notes client, and you will end up with the ugly HTML that was annoying me. The other option is to let the server convert from CD format to MIME, and that will render the message in decent HTML code. Now we have determined that this option strips you of your ability to clear-sign your messages with your X.509 private key.

Actually this is not even surprising, since the message travels to the server and is converted there to MIME. As the server does not have your private key, it cannot sign this MIME-encoded message. The status notification in Notes says the message is being signed. This information is correct, but at the same time completely useless, since the message is signed with your Notes private key, and that signature is then stripped at the server when the message is converted to MIME.
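Because the Notes status line cannot tell you what actually leaves the server, the reliable check is on the delivered message itself. The following is an added example, not part of the original post: a hypothetical helper `smime_status` that classifies a raw message by its MIME structure only (it does not verify the signature), run over two constructed sample messages.

```python
from email import message_from_string

SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENV = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_status(raw: str) -> str:
    """Classify a delivered message by MIME structure only (no signature verification)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol", "")).lower()
        parts = msg.get_payload() if msg.is_multipart() else []
        # Clear-signed mail: exactly two parts, the second being the detached signature.
        ok = proto in SIG and len(parts) == 2 and parts[1].get_content_type() in SIG
        return "clear-signed" if ok else "malformed-signed"
    if ctype in ENV:
        kind = str(msg.get_param("smime-type", "")).lower()
        return "opaque-signed" if kind == "signed-data" else "pkcs7-other"
    return "unsigned"

# Constructed sample: structure of a message clear-signed in the client.
SIGNED = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

AAAA
--b1--
"""

# Constructed sample: server-converted mail, delivered with no signature part.
CONVERTED = """\
Content-Type: multipart/alternative; boundary="b2"

--b2
Content-Type: text/plain

hello
--b2
Content-Type: text/html

<p>hello</p>
--b2--
"""
```

Feeding the raw source of a test message received at an external mailbox to `smime_status` shows whether the S/MIME signature survived the path through the server.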

Comments

There is another option: You can have the server sign mail on behalf of you. We have a product which signs messages on the server and also encrypts in- and outgoing messages there: BCC_MailProtect powered by Cerberus.

Andreas Kruemmel, 2006-10-16

This is the reason why Domino 7 has the policy option to add a disclaimer on the Notes client side (regardless if it works or not) instead of enforcing it at server side. The latter would break the encryption.

To balance the advertisement of products (done in other comments)
Of course there are products on the market. Group Technologies has IQ.Suite (IQ.Crypt), BCC was already advertised.

Christian Henseler, 2006-10-16

Christian, wouldn't you think it is up to me to "balance advertisement"? Where do you want me to send the invoice?

Volker Weber, 2006-10-16
