support managed PKI for mail encryption / signing
For easier management of Astaro's mail encryption / signing feature in larger enviroments it would be helpful, if Astaro would support automated creation of encryption/signing mail users using trusted certificates through a automated interface to a official signing provider as trustcenter or swisssign or equal. There seems to exist RFC compliant interfaces to such providers according to RF2797 standard.
Alex Saternus commented
That would be great!
PLEASE PLEASE PLEASE implement this feature! :(
PLEASE PLEASE PLEASE implement this feature! :)
Integration with Active Directory PKI could also be a plus in a way to fecth certificate from AD for both internal mailboxes and external address that are included into the contcat list of the AD tree
Sascha Paris commented
Hi Bob. This is easy. Astaro's mailencryption / signing engine is ok if you have to create and manage 5, 10 or maybe also 50 users, because you have to create every user manually, and if you use trusted certificates for signing, you'll have to create and import every cert manually. Try to sell this to a customer who has 100, 200 or 1000 mailusers which needs mailsigning with trusted certificates, and a lot of changes in the staff - he will have to employ another dedicated administrator who has to create and maintain the whole stuff ;o)) There are the above mentioned standardized interfaces to some of the certificate providers, which will allow a automation of this process (creation, revocation or deleting of certificates out of a pre-ordered number (pool) of certificates).
Bob Alfson commented
Sascha, what effort would this alleviate? If individuals want to make their own decision about using encryption, isn't that already available with most mail clients?