Taking S/MIME out to pasture
Tags :SMTP TLS S/MIME
I sent a Twitter yesterday on how I was overlooking the obvious in setting up some secure mail between two sites. They wanted to use S/MIME. Did both run Notes? No. That would have been easy with sharing of public keys and letting them encrypt until they couldn't breathe. This was a Notes to another email package. So the theory was creating X.509 certificates, passing them out like Halloween candy treats and hoping everyone nibbled.
Then it hit me. Why are we going through so much work here? So we got a common and known Internet certificate for both servers, made sure that the other side could understand it and forced all communication via TLS from SMTP to SMTP. Their whole point was encrypting data between the Internet flow, not necessarily once it was received since multiple people may need access to the data.
We set Domino 8 to force the TLS conversation and stop if it could not make one. We made sure the other server understood to start a TLS conversation when asked and off we went. Secure Internet mail flow between disparate sites at will.
blog comments powered by Disqus
On Friday, April 18th, 2008 by Chris Miller