just had a closer look at the SMIME stuff (NE feature), and was quite a bit shocked, what's going on here.
Let's dig a bit in com_zimbra_smime.jarx:
That means nothing less than that the applet requires _FULL LOCAL PERMISSIONS_ on the Client
machine. So, it can do _ANYTHING_ that the local user can do, if the user allows the applet to be run.
And it gets even worse:
It also deploys _MACHINE CODE_, which of course can do whatever it wants with the local machine
(at least the current user account), without the user having any control whatsoever.
(see ./com/zimbra/smime/native/* inside the jarx file)
From a security pov this is TOTALLY INACCEPTABLE.
This is like giving an arbitrary postal/shipping (more precisely: the company who's building their cars)
the master key to your house !
We seriously considered rolling out Zimbra SMIME on certain large installations.
I'm really glad that I detected that early enough to stop the whole project.