Although I have not tested this theory, I suspect it is so that it can
encrypt the message both for the recipient and sender. Otherwise the
sender could not read their message from their sent items folder without
access to the recipients private key - which of course is a no-no!
Nothing in the S/MIME RFC's says you _have_ to have one. You should be
able to happily encrypt but not sign e-mail without one. Practicalities
mean for certain functionality in clients it may be necessary to have
your own certificate.
IT Systems http://e.govt.nz/see/mail
The Treasury http://www.treasury.govt.nz
From: Ben Littauer [mailto:littauer(_at_)blkk(_dot_)com]
Sent: Thursday, 9 May 2002 4:08 a.m.
Subject: RE: Are certificates _required_ by the sender?
Interesting you should ask this right now. I don't believe that there
any S/MIME requirement that says that the sender needs a cert. That
however, MS Outlook DOES require that you have a cert before it will let
encrypt a message on someone else's cert that you've received. Does
know why this is?
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Terje
Sent: Wednesday, May 08, 2002 5:26
Subject: Are certificates _required_ by the sender?
Is the sender of an email required to have a certificate, or is it
sufficient for the sender to have a copy of the certificate of the
recipient? I am thinking of an automated system, where one party will
be the sender, and never receive emails. In addition, no signatures are
required. Thus nobody will ever actually need the public key for the
automated system. However, I'm uncertain if the sender can send S/MIME
messages without having a certificate of it's own.
Thanks for your time
Sign-up for your own FREE Personalized E-mail at Mail.com