From owner-freebsd-questions@FreeBSD.ORG Wed Apr 25 20:30:27 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5303A16A40B for ; Wed, 25 Apr 2007 20:30:27 +0000 (UTC) (envelope-from david@vizion2000.net) Received: from dns1.vizion2000.net (77-99-36-42.cable.ubr04.chap.blueyonder.co.uk [77.99.36.42]) by mx1.freebsd.org (Postfix) with ESMTP id D60DD13C458 for ; Wed, 25 Apr 2007 20:30:26 +0000 (UTC) (envelope-from david@vizion2000.net) Received: by dns1.vizion2000.net (Postfix, from userid 1007) id DB7BE1CC66; Wed, 25 Apr 2007 13:41:48 -0700 (PDT) From: David Southwell Organization: Voice and Vision To: Jeffrey Goldberg Date: Wed, 25 Apr 2007 13:41:48 -0700 User-Agent: KMail/1.9.6 References: <200704250910.30808.david@vizion2000.net> <0363BF5C-75AE-4A81-A1CB-D0A0F15E8AB3@goldmark.org> In-Reply-To: <0363BF5C-75AE-4A81-A1CB-D0A0F15E8AB3@goldmark.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200704251341.48692.david@vizion2000.net> Cc: freebsd-questions@freebsd.org Subject: Re: Digital signed mail- certificate issuing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Apr 2007 20:30:27 -0000 On Wednesday 25 April 2007 13:19:36 Jeffrey Goldberg wrote: > On Apr 25, 2007, at 11:10 AM, David Southwell wrote: > > Can anyone please tell me the simplest way I can issue my customers > > a means of > > digitally signing emails they transmit to us via our server. I need > > the > > chosen method to be compatible with most popular email clients and > > popular > > webmail services. > > As someone said, PGP and S/MIME are really the two choices. Neither > will be simple enough to go smoothly with all of your users, > particular your webmail users. Both involve understanding some > apparently tricky concepts, although your users (but not you) can be > spared from many of them. Particularly if you wish to issue > certificates (either client certificates or a self-signed server > certificate) you need to develop a good understanding of how things > are supposed to work. > > > Every customer has their identity and email addresses stored on our > > mysql > > database. > > > > Essentially my target is , as far as possible, to ensure that emails > > purporting to come from my customers are indeed from them and noone > > else. > > Do you need to know that it really is from such and such person, or > can you get by with knowing that it really is from such and such > email address? If the latter will be enough, then you can use the > same sort of confirmation mechanism that is used by mailing list > management systems. Simply require a response sent to a confirmation > request sent to the email address you are trying to authenticate. > > Also, why does this have to be an email based system instead of a web > based one? We need to cater for communications from ships at sea that are able to use slow wireless email systems but are not able to access the web. Thanks david > For the latter users can authenticate with a simple > username and password. > > -j