[wellylug] GPG Webmail
Kevin Dorne
sweetpea-wellylug at tentacle.net
Tue Apr 27 23:31:18 NZST 2004

On 27/04/2004, at 22:34, John C Barstow wrote:
> On Mon, 2004-04-26 at 20:52 -0700, Kevin Dorne wrote:
>> This sounds more like an application for S/MIME than for PGP.
>> Centralised management (you create your own CA), control over user
>> certificates (you can issue revocations, etc.), and still
>> SquirrelMail support
>> (http://www.squirrelmail.org/plugin_view.php?id=54). It might be
>> easier to manage.
>>
> Hmm....sounds interesting. I could potentially manage the cert in LDAP
> and do all sorts of things with it. Do you have any good pointers to
> S/MIME configuration/setup? Google didn't turn anything up but I may
> have been using the wrong keywords.

Well, I'm not sure about how it works in your chosen webmail client (I
use IMP myself, and that rarely), but on the server side there's some
decent information available.

First, I'd have a look at this outline:
http://cisn.metu.edu.tr/pki2.php
(describes the basic structure of an S/MIME setup)

I have worked extensively from the information on this page:
http://www.pseudonym.org/ssl/ssl_cook.html
(OpenSSL certificate cookbook; describes how to create CA, server, and
client certificates)

The OpenCA project seems to offer much better support for working with
certificates, but it's slated for my "next project", as I'm pretty
happy with my barebones stuff for now:
http://www.openca.org/openca/
(Project home page)

Big caveat: I have not set up an automated, webmail-enabled S/MIME
system before; I have instead worked with clients such as Mozilla Mail
and the new Panther Mail application in OS X, and clients have managed
their own certificates. So, while S/MIME may be a better way to go
conceptually than PGP, you may find more support for PGP in webmail.

-k