I'm looking for an easy-to-deploy way to make email clients (MUAs) display my email messages in a secure manner. PGP and S/MIME both do this today, but they are high touch, and require software or client certificates to be deployed to the end user... or in the case of S/MIME I have to pay a per-user fee for each signing key.
Looking for a "free" method that doesn't leave an annoying smime.p7s attachment everywhere.
Exchange "Domain Authenticated Email" within Exchange/Outlook seems to do the trick.
Question
Since I'm an ISP of sorts, is it acceptable (or okay) to put several hundred TLS domains in the SAN of a self-signed TLS certificate, and then distribute that to partners?
What if this is a leaf/end-entity certificate that has an EKU of client/server auth? Is it OK for the SMTP/TLS receiver to only trust this node and not the entire PKI?
Are there any other solutions similar / better than this?
It looks like this in the client when SMTP mutual Auth TLS is enabled: 3 screenshots follow: