PKI Pre-Installation Guide
Version 2.0.0
Page 23
4.
The application can be configured to allow the user to search the global address list or
book (also known as the GAL). Specify which LDAP Configuration should be used for
this capability.
□
LDAP – Default Configuration (as specified in section 2.5)
□
LDAP – Configuration 1 (as specified in section 8.1)
□
LDAP – Configuration 2 (as specified in section 8.2)
□
LDAP – Configuration 3 (as specified in section 8.3)
5.6 Email Signing and Encryption
The application can be configured to digitally sign and/or encrypt the email message and
attachments.
5.6.1 Email Signing
This feature is only available when a user is authenticated with a SmartCard. The certificate
used to sign the email is taken from the signing certificate available on the card.
1.
This feature can be always disabled, always enabled, or the user can be prompted. The
prompt that appears depends on the encryption setting.
□
Always Disabled
□
Always Sign
□
Prompt User
2.
When the email is only signed (not encrypted), it can be signed so that the receiver of the
email can read it even if his/her email client does not support digitally signed emails. Or
it can signed so that only email clients that support digitally signed emails can view it.
Which method should be used?
□
Clear (All email clients can view the email)
□
Opaque (Only email clients that support digital signatures can view the email)
3.
Some specifications (such as the DOD CAC) require that the Non-Repudiation bit of the
signing certificate be set in order for that certificate to be considered valid for digitally
signing emails. Is the Non-Repudiation bit required?
□
Yes
□
No