tracker issue : CF-4203845

select a category, or use search below
(searches all categories and all time range)
Title:

CFMAIL encryption without .p7c file

| View in Tracker

Status/Resolution/Reason: Needs Review//EnhancementRequired

Reporter/Name(from Bugbase): Jack Drysdale Jr / ()

Created: 12/27/2018

Components: ColdFusion Services

Versions: 2016,11.0,2018

Failure Type: Others

Found In Build/Fixed In Build: /

Priority/Frequency: Normal /

Locale/System: / Platforms All

Vote Count: 1

It's my understanding that when an email client (like Outlook, or Thunderbird) sends an encrypted email, the client reaches out to a PKI to get the recipient's public key which it then uses to encrypt the message.  The receiving email client then uses the recipient's private key to decrypt the message. 

I can see how the way it currently is set up, CFMAIL can use a local copy of the public key.  But that means that 1) the developer has to first GET a copy of the public key and store it locally, and 2) if that key ever changes, the developer then has to get the new public key to keep things working smoothly.

Is it possible to set CFMAIL so that it can reach out to a PKI to get a user's public key for sending encrypted email?

Attachments:

Comments:

Needs review? What does that mean? Is that a note that someone internally needs to review this?
Comment by Jack D.
31769 | November 06, 2019 05:47:24 PM GMT
Jack, That's exactly what it mean. We will evaluate this and update the bug. -Nimit
Comment by Nimit S.
31770 | November 06, 2019 05:59:14 PM GMT