Author: Kurt Lieber
Date:
To: exim-users
Subject: Re: [Exim] server-side management of public keys?
Kurt Lieber said:
> OK, but we're talking about encrypting messages with people's public
> keys, so I don't see how an unauthenticated client could increase risk.
> Again, I'm talking about managing *public* keys server-side. I never
> said anything about private keys.
After I sent this message, I realized you were talking about digital
signing of messages sent by internal people, where I was referring
primarily to encrypting messages destined to external recipients. I agree
that you absolutely need to have some strong authentication in place if
you start digitally signing outgoing messages, though I still think this
can be effectively managed server-side, when combined with the necessary
precautions like SMTP/TLS.